If I define a Content Security Policy (CSP) in the http headers with script-src: ‘self’ (and also explicit urls to my site) the drop-down lists of annual archive do not work. I have to enable script-src: ‘unsafe-inline’ in addition to other allowed script sources. What is the problem?
- The topic ‘Annual archive seems to require CSP script-src: ‘unsafe-inline’ ???’ is closed to new replies.