adityatelange / hugo-PaperMod

A fast, clean, responsive Hugo theme.
https://adityatelange.github.io/hugo-PaperMod/
MIT License

CSP Enhancement by removing unsafe-inline #1517

Closed Schwitzd closed 4 months ago

Schwitzd commented 4 months ago

Dear all,

I've added the CSP header to my Hugo site, but to render PaperMod correctly I'm forced to add the script-src 'unsafe-inline' directive. Can you please consider removing inline JavaScript and style?

Many thanks

adityatelange commented 4 months ago

Can you give me an example how an adversary would use inline scripts to compromise static sites?

Schwitzd commented 4 months ago

Here you can find some examples: Do you use Content Security Policy with your Hugo site?

adityatelange commented 4 months ago

> Here you can find some examples: Do you use Content Security Policy with your Hugo site?

I know CSP is a good way to prevent some attacks. If you are certain about the impact please let me know the entry points and attack paths available using inline-scripts.

Schwitzd commented 4 months ago

I'm using profile mode and when I remove 'unsafe-inline' from my homepage I get the following errors: (screenshot of the browser console CSP errors, 2024-05-19)

adityatelange commented 4 months ago

alright, figure it out