I'm trying to make a Content Security Policy using the wizard at a website called report-uri.com. This wizard will show you the detected items on a website. I let it ran for a week and the detected items contained a lot of 'unsafe-inline', 'unsafe-eval' directives:
In my opinion the website will remain vulnerable when whitelisting these in the CSP. Are there specific directives that should have the 'unsafe-inline' or 'unsafe-eval' expressions for the Gantry framework and Rocket Theme templates to work properly?
SEARCH the forum first! These boards are rich in knowledge and vast in topics. This includes searching just the 'Solved' forums, using Google, and using ChatGPT