Closed papandreou closed 8 years ago
Fixed in 81f89d8, released in 1.7.0.
🤘
By the way in a csp validator I'm getting a warning like:
The 'unsafe-inline' keyword-source has no effect in source lists that contain hash-source or nonce-source.
Then that validator doesn't take CSP level 1 compliant browsers into account (Edge 13+14, Safari 8+9+9.1). They would block your inline script(s) if you didn't list 'unsafe-inline'
.
Ah nice! Thanks for the clarification.
For interop with CSP1 compliant browsers:
In this case
'unsafe-inline'
should be added to thescript-src
directive.