Any other changes that would benefit highlighting?
We do not allow arbitrary inline-scripts to execute. Instead we take a hash of the inline script and only allow scripts matching that hash to execute.
Production is raising the following error in the console:
Either the 'unsafe-inline' keyword, a hash ('sha256-I2LOM6esOcAN2kEMLd3BbCCa/vshtQ3D4lkR5YJYKss='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
What does this pull request do?
Fix mismatching inline-script hash on production
Any other changes that would benefit highlighting?
We do not allow arbitrary inline-scripts to execute. Instead we take a hash of the inline script and only allow scripts matching that hash to execute.
Production is raising the following error in the console:
See https://github.com/ministryofjustice/cla_frontend/pull/778 for a long term fix
Checklist