Closed dermatzeimnetz closed 1 year ago
By using the following Apache Header
Header set Content-Security-Policy: "default-src 'unsafe-inline' 'self' https:"
the javascript "eval" code is not executed anymore. You have to add it like this
Header set Content-Security-Policy: "default-src 'unsafe-inline' 'unsafe-eval' 'self' https:"
If possible please remove execution of eval javascript code
Done: https://github.com/phpsysinfo/phpsysinfo/commit/e65ec8350227b40e086b54acbda820e25bf11bcc
namiltd
commented
1 year ago namiltd
commented
1 year ago
By using the following Apache Header
Header set Content-Security-Policy: "default-src 'unsafe-inline' 'self' https:"
the javascript "eval" code is not executed anymore. You have to add it like this
Header set Content-Security-Policy: "default-src 'unsafe-inline' 'unsafe-eval' 'self' https:"
If possible please remove execution of eval javascript code