Open Bajena opened 3 years ago
The `_gap.html.erb` partial includes an `onclick="return false"` attribute, which is not compliant with content security policy best practices (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src) and causes a CSP violation in Firefox (in Polish, sorry 😅 ):

Fixing this without forking the gem requires adding the `unsafe-inline` option to the CSP settings, which makes CSP almost useless.