This is not as much of a bug, but rather a question of why.
When adding a CSP to my Episerver Site, i can configure everything to work safly and securly on the front end.
But the second one tries to load /episerver/cms everything breaks cause the csp blocks dojo.js attempts to run a eval() function aswell as the inline scripts that is put into edit mode.
My question is this:
Are there any plans to fix this as far as we are aware of? Cause running episerver with a csp that has to include both 'unsafe-inline' and 'unsafe-eval' feels rather bad.
Best Regards
Pål-j
↧
Episerver Cms and Content Security Policy Header
↧