mozilla / bedrock

Making mozilla.org awesome, one pebble at a time
https://www.mozilla.org
Mozilla Public License 2.0

Remove `unsafe-eval` & `unsafe-inline` from `script-src` #14828

Open robhudson opened 4 months ago

robhudson commented 4 months ago

As mentioned in the comments, "The last inlined style was removed in #14614 and I couldn't find any more of such occurrences so hopefully the unsafes can be gone soon."

stevejalim commented 4 months ago

Forgive me if this is already thought of, but the Wagtail admin may well still need unsafe-eval - would you mind checking and adding to the CMS-only CSP if need be?

robhudson commented 4 months ago

Thanks for reminding me. And yeah, I can fire up the admin and check it.
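
One way to check both policies discussed in this thread (the site-wide one and the CMS-only one) for the keywords the issue wants removed. This is an added example, not bedrock's code; the header values, labels and function names are constructed for illustration, and `script-src-elem` / `script-src-attr` are not considered.

```python
# Added example (not bedrock code): report which of the keywords named in this
# issue are still effective for scripts in a Content-Security-Policy value.
UNSAFE = ("'unsafe-eval'", "'unsafe-inline'")
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

# Constructed sample policies; real values come from the response headers.
POLICIES = {
    "site-wide": "default-src 'self'; script-src 'self' https://cdn.example.com",
    "CMS-only": "default-src 'self'; script-src 'self' 'unsafe-eval'",
}


def parse_csp(header):
    """Return {directive: [sources]}; a repeated directive is ignored, as in CSP."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            # Lowercased only so keyword sources match case-insensitively.
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def unsafe_script_keywords(header):
    """List the unsafe keywords that still apply to script execution."""
    policy = parse_csp(header)
    # script-src falls back to default-src; with neither, scripts are unrestricted.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return list(UNSAFE)
    found = {s for s in sources if s in UNSAFE}
    # Browsers ignore 'unsafe-inline' when a nonce, hash or 'strict-dynamic' is present.
    if "'strict-dynamic'" in sources or any(s.startswith(HASH_OR_NONCE) for s in sources):
        found.discard("'unsafe-inline'")
    return sorted(found)


def audit(policies):
    """Map each policy label to the unsafe keywords still effective in it."""
    return {label: unsafe_script_keywords(value) for label, value in policies.items()}


if __name__ == "__main__":
    for label, keywords in audit(POLICIES).items():
        print(f"{label}: {', '.join(keywords) or 'no unsafe script keywords'}")
```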