GetPublii / Publii

The most intuitive Static Site CMS designed for SEO-optimized and privacy-focused websites.
https://getpublii.com
GNU General Public License v3.0

[Feature Request]: Finetune for Content Security Policy #1489

Open brzGatsu opened 2 months ago

brzGatsu commented 2 months ago

Feature Description

With Publii it is currently not possible to tune the CSP response header up to maximum safety. Mozilla Observatory recommends not using any inline styles or inline scripts. Both Publii and the technews theme make use of these (i.e. for lazy loading), which forces me to set "unsafe-inline" in the CSP.
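To make the request above concrete, here is an added example (not part of the original issue and not Publii's code) that audits one rendered page for the inline scripts and styles that force "unsafe-inline", and builds a hash-based policy for the inline elements instead. The names `InlineAudit`, `audit`, `csp_for` and the sample page are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

# Constructed sample of rendered theme output (not taken from Publii).
SAMPLE = """<html><head><style>.lazy{opacity:0}</style></head>
<body><img class="lazy" style="width:100%" onload="this.classList.add('ok')">
<script src="/assets/js/app.js"></script>
<script>document.documentElement.classList.add('js');</script></body></html>"""

class InlineAudit(HTMLParser):
    """Collect what forces 'unsafe-inline' in one rendered HTML page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hashes = {"script": set(), "style": set()}
        self.attr_findings = []  # (tag, attr): style="" / on* attrs (heuristic match)
        self._tag, self._buf = None, []  # inline element being read, its text chunks

    def handle_starttag(self, tag, attrs):
        names = {name for name, _ in attrs}
        for name in sorted(names):
            if name == "style" or name.startswith("on"):
                self.attr_findings.append((tag, name))
        if tag == "style" or (tag == "script" and "src" not in names):
            self._tag, self._buf = tag, []

    def handle_data(self, data):
        if self._tag:
            self._buf.append(data)  # element text can arrive in several chunks

    def handle_endtag(self, tag):
        if tag == self._tag:
            body = "".join(self._buf).encode("utf-8")  # assumes a UTF-8 page
            if body.strip():
                digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
                self.hashes[tag].add(f"'sha256-{digest}'")
            self._tag = None

def audit(html):
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    return parser

def csp_for(parser):
    """Hash-based policy; assumes every other resource is same-origin."""
    script = " ".join(["'self'"] + sorted(parser.hashes["script"]))
    style = " ".join(["'self'"] + sorted(parser.hashes["style"]))
    return f"default-src 'self'; script-src {script}; style-src {style}"
```

Entries in `attr_findings` are the part a theme has to change: element hashes alone do not cover `style=""` or event-handler attributes, so those need to move into stylesheet and script files before "unsafe-inline" can be dropped.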