CSP: remove unsafe-inline from script-src #130

@alextreme

Theme

Other

Description

Let's remove unsafe-inline also from script-src.

```python
CSP_SCRIPT_SRC = CSP_DEFAULT_SRC + ["'unsafe-inline'"]
```

Double-check that Redoc and third-party admin apps work as expected. If it's necessary to whitelist specific URLs or to relax this setting for specific components, that's fine, as long as the default is secure/secureder.

Added value

No response

Additional context

No response

Labels

enhancement: New feature or request
owner: maykin
triage: Triage means the team has not yet refined this issue.
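One way to keep the default `script-src` strict while relaxing it only for specific components, with a check that reports which paths still permit inline scripts. This is an added example, not code from this project; the source lists, URL prefixes and function names are assumptions.

```python
# Added example: all values and names here are hypothetical, not the project's settings.
DEFAULT_SRC = ["'self'"]          # assumed default source list
SCRIPT_SRC = list(DEFAULT_SRC)    # secure default: no 'unsafe-inline'
SCRIPT_SRC_EXCEPTIONS = {         # constructed URL prefixes; longest prefix wins
    "/api/docs/": ["'unsafe-inline'"],
    "/admin/thirdparty/": ["https://cdn.example.test"],
}

def script_src_for(path):
    """Default script-src plus the extras of the longest matching prefix."""
    matches = [p for p in SCRIPT_SRC_EXCEPTIONS if path.startswith(p)]
    extras = SCRIPT_SRC_EXCEPTIONS[max(matches, key=len)] if matches else []
    return SCRIPT_SRC + [s for s in extras if s not in SCRIPT_SRC]

def build_header(path):
    """Content-Security-Policy header value for one request path."""
    return "default-src {}; script-src {}".format(
        " ".join(DEFAULT_SRC), " ".join(script_src_for(path)))

def parse_csp(header):
    """Map directive name -> sources; the first occurrence of a directive wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def allows_inline_scripts(header):
    """True if the effective script-src lets arbitrary inline scripts run."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True  # neither directive present: scripts are unrestricted
    sources = [s.lower() for s in sources]
    # Browsers ignore 'unsafe-inline' when a nonce, hash or 'strict-dynamic' is present.
    guards = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
    if any(s.startswith(guards) or s == "'strict-dynamic'" for s in sources):
        return False
    return "'unsafe-inline'" in sources

def audit(paths):
    """Return the paths whose policy still allows inline scripts."""
    return [p for p in paths if allows_inline_scripts(build_header(p))]
```

Running `audit` over the site's routes gives the list of components that still carry a relaxation, which is the list to review when checking that the default stays strict.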