gbv / login-server

Login and connect accounts with multiple identity providers
https://coli-conc.gbv.de/login/
MIT License

CSP issues on /sessions page #92

Closed stefandesu closed 2 years ago

stefandesu commented 2 years ago

The "remove" and "Remove all other sessions" buttons on the /sessions page don't work due to CSP issues. This is because script-src even if configured with a nonce does not allow event handlers like onclick on elements directly. Instead, they need to be added via JavaScript using addEventListener. (There is a newer script-src-attr CSP header, but it is only supported in Chromium as of right now.)

Firefox also complains about the script-src-attr header, which is set to 'none' by default in Helmet.