Closed Schwitzd closed 4 months ago
Can you give me an example how an adversary would use inline scripts to compromise static sites?
Here you can find some examples: Do you use Content Security Policy with your Hugo site?
I know CSP is a good way to prevent some attacks. If you are certain about the impact, please let me know the entry points and attack paths available using inline-scripts.
I'm using profile mode and when I remove `'unsafe-inline'` from my homepage I get the following errors:
alright, figure it out
Dear all,
I've added the CSP header to my Hugo site, but to render PaperMod correctly I'm forced to add the `script-src 'unsafe-inline'` directive. Can you please consider removing inline JavaScript and style? Many thanks
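
An added example, not part of the thread or of PaperMod's code: one way to drop `'unsafe-inline'` is to hash every inline `<script>` and `<style>` block in the rendered pages and list those hashes in the policy instead. The sample HTML and the names `InlineAudit`, `csp_hash` and `audit` are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

# Constructed sample standing in for one rendered page (not PaperMod's real output).
SAMPLE_HTML = """<html><head>
<style>body{margin:0}</style>
<script src="/assets/js/search.js"></script>
<script>document.body.classList.add("dark");</script>
</head><body onload="init()"><p style="color:red">hi</p></body></html>"""


class InlineAudit(HTMLParser):
    """Collect inline <script>/<style> bodies plus inline handlers and style attributes."""

    def __init__(self):
        super().__init__()
        self.blocks = []     # (tag, exact text between the tags)
        self.attr_hits = []  # (tag, attribute): on* handlers and style=""
        self._open = None

    def handle_starttag(self, tag, attrs):
        names = {name for name, _ in attrs}
        # A hash source alone does not cover these; they have to move into files.
        self.attr_hits += [(tag, n) for n in names if n.startswith("on") or n == "style"]
        if tag == "style" or (tag == "script" and "src" not in names):
            self._open = [tag, ""]

    def handle_data(self, data):
        if self._open:
            self._open[1] += data  # the parser may deliver one body in chunks

    def handle_endtag(self, tag):
        if self._open and tag == self._open[0]:
            self.blocks.append(tuple(self._open))
            self._open = None


def csp_hash(text):
    # CSP hash source for the exact text of an inline block (whitespace included).
    digest = hashlib.sha256(text.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def audit(html):
    """Return (script hashes, style hashes, attributes that hashes cannot allow)."""
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    hashes = {t: sorted({csp_hash(b) for tag, b in parser.blocks if tag == t})
              for t in ("script", "style")}
    return hashes["script"], hashes["style"], sorted(parser.attr_hits)
```

Run `audit()` over each file in the generated site; the first two lists go into `script-src` and `style-src`, and the third list is what still has to be moved out of the markup before `'unsafe-inline'` can be removed.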