mozilla / http-observatory

Mozilla HTTP Observatory
https://observatory.mozilla.org/
Mozilla Public License 2.0

Content Security Policy (CSP) implemented unsafely #461

Open digitalgregg opened 2 years ago

digitalgregg commented 2 years ago

My site uses a lot of inline JS and CSS. When I'm using unsafe-inline, Mozilla shows "(CSP) implemented unsafely". How can I keep my score on Mozilla while using unsafe-inline?

carlin-q-scott commented 2 years ago

This article explains your issue pretty thoroughly: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src

Basically you need to stop using inline scripts and styles, or use nonces.
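A sketch of the nonce approach suggested above, as an added example that is not part of the original thread or the Observatory's code: it issues a fresh nonce per response, stamps it on the site's own inline `<script>` and `<style>` tags, and sends a policy with no `'unsafe-inline'`. The function names, the sample template and the simplified `unsafe_inline_directives` check are assumptions for illustration, not the Observatory's scoring logic.

```python
import re
import secrets

# Opening <script>/<style> tags; closing tags start with "</" and do not match.
_TAG = re.compile(r"<(script|style)\b([^>]*)>", re.IGNORECASE)
_SKIP = re.compile(r"\b(src|nonce)\s*=", re.IGNORECASE)
_CHECKED = {"default-src", "script-src", "style-src"}

# Constructed sample template: one inline style, one external and one inline script.
TEMPLATE = ('<style>b{color:red}</style>'
            '<script src="/app.js"></script>'
            '<script>init()</script>')

def new_nonce():
    """Unguessable value; generate a new one for every response, never reuse."""
    return secrets.token_urlsafe(16)

def stamp_nonce(template, nonce):
    """Add nonce="..." to inline <script>/<style> tags of a TRUSTED template.

    Run this before any user-supplied data is interpolated, otherwise an
    injected <script> would be stamped as well and the policy gives nothing.
    """
    def repl(match):
        tag, attrs = match.group(1), match.group(2)
        if _SKIP.search(attrs):  # external script or already stamped
            return match.group(0)
        return f'<{tag}{attrs} nonce="{nonce}">'
    return _TAG.sub(repl, template)

def build_csp(nonce):
    """Policy that allows same-origin files plus inline blocks carrying the nonce."""
    return "; ".join([
        "default-src 'self'",
        f"script-src 'self' 'nonce-{nonce}'",
        f"style-src 'self' 'nonce-{nonce}'",
    ])

def unsafe_inline_directives(policy):
    """Simplified check: which fetch directives still list 'unsafe-inline'."""
    flagged = []
    for directive in policy.split(";"):
        parts = directive.lower().split()
        if parts and parts[0] in _CHECKED and "'unsafe-inline'" in parts[1:]:
            flagged.append(parts[0])
    return flagged

def render():
    """Return (headers, body) for one response, sharing a single fresh nonce."""
    nonce = new_nonce()
    return {"Content-Security-Policy": build_csp(nonce)}, stamp_nonce(TEMPLATE, nonce)
```

Nonces only cover `<script>` and `<style>` elements; inline event-handler attributes such as `onclick=` and `style=` attributes still have to be moved into those elements or into external files.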