CSP Enhancement by removing unsafe-inline #1517
Labels
enhancement
New feature or improvement
Comments
|
Can you give me an example how an adversary would use inline scripts to compromise static sites? |
|
Here you can find some examples: Do you use Content Security Policy with your Hugo site? |
I know CSP is a good way to prevent some attacks. If you are certain about the impact please let me know the entry points and attack paths available using |
adityatelange
changed the title
|
I'm using profile mode and when I remove `unsafe-inline' from my homepage I get the following errors: |
|
alright, figure it out |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dear all,
I've added the CSP header to my Hugo site, but to render PaperMod correctly I'm forced to add the
script-src 'unsafe-inline'directive.Can you please consider removing inline JavaScript and style?
Many thanks
The text was updated successfully, but these errors were encountered: