We currently use a couple of inline scripts (e.g. for fontawesome) that requires unsafe-inline in the Content Security Policy header.
Acceptance criteria
- remove
unsafe-inline from the CSP
- use hashes / nonces to allow loading of those resources that would be blocked by
unsafe-inline
See also #343
We currently use a couple of inline scripts (e.g. for fontawesome) that requires
unsafe-inlinein the Content Security Policy header.Acceptance criteria
unsafe-inlinefrom the CSPunsafe-inlineSee also #343