sasjs / server

Build Apps on Base SAS
https://server.sasjs.io
MIT License

fix: csp updates #167

Closed allanbowe closed 2 years ago

allanbowe commented 2 years ago

Temporarily loosening CSP Policy to allow seamless DC deploys.

Currently DC contains the bare minimum number of frontend files, to facilitate streaming apps on SAS 9 EBI deploys (many of which have only 3 multibridge connections). Multiple parallel file requests can also bring down a Viya 4 image (2020.2 hackathon image confirmed).

That said, inline JavaScript is bad as it can facilitate Cross-Site Scripting (XSS) attacks. More info here: https://csper.io/blog/no-more-unsafe-inline

The SASjs Server build of Data Controller will be updated to eliminate the script tags and then the CSP policy will be tightened up. Ticket to follow.

allanbowe commented 2 years ago

Linked issue: https://github.com/sasjs/server/issues/168