CSP Enhancement by removing unsafe-inline #1517
Comments
Can you give me an example how an adversary would use inline scripts to compromise static sites?
Here you can find some examples: Do you use Content Security Policy with your Hugo site?
I know CSP is a good way to prevent some attacks. If you are certain about the impact please let me know the entry points and attack paths available using
alright, figure it out
Dear all,
I've added the CSP header to my Hugo site, but to render PaperMod correctly I'm forced to add the script-src 'unsafe-inline' directive. Can you please consider removing inline JavaScript and style?
Many thanks
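
One way to drop 'unsafe-inline' while inline blocks still exist is to allow each inline `<script>` and `<style>` block by its SHA-256 hash. The following is an added example, not part of the original issue and not PaperMod's own code; the sample HTML is constructed, and `InlineCollector`, `csp_hash`, `build_policy` and the 'self' baseline are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

# Constructed sample page (not PaperMod's actual markup).
SAMPLE_HTML = """<!doctype html>
<html><head>
<style>body{margin:0}</style>
<script src="/assets/js/search.js"></script>
<script>document.body.classList.add("dark");</script>
</head><body onload="init()"><p style="color:red">hi</p></body></html>"""


class InlineCollector(HTMLParser):
    """Collect inline <script>/<style> bodies and attributes a hash source cannot allow."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.blocks = {"script": [], "style": []}
        self.unhashable = []  # on* handlers and style="" need refactoring instead
        self._tag, self._buf = None, []

    def handle_starttag(self, tag, attrs):
        names = dict(attrs)
        for name in names:
            if name.startswith("on") or name == "style":
                self.unhashable.append((tag, name))
        # A <script src=...> is external and is covered by 'self' or a host source.
        if tag == "style" or (tag == "script" and "src" not in names):
            self._tag, self._buf = tag, []

    def handle_data(self, data):
        if self._tag:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == self._tag:
            self.blocks[tag].append("".join(self._buf))
            self._tag = None


def csp_hash(text):
    # The hash covers the exact text between the tags, whitespace included.
    digest = hashlib.sha256(text.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def build_policy(html):
    c = InlineCollector()
    c.feed(html)
    c.close()
    src = {t: " ".join(["'self'"] + sorted({csp_hash(b) for b in c.blocks[t]}))
           for t in ("script", "style")}
    return f"script-src {src['script']}; style-src {src['style']}", c.unhashable
```

Any change to an inline block, including whitespace, changes its hash, so the policy has to be regenerated from the built HTML on every site build.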