Some functionality limited if you implement CSP

Various pages on in the engine rely on inline CSS and Javascript. If you implement Content Security Policies in your Rails app, these fail to load, unless you explicitly enable unsafe-inline.

Swap to using something like 
```erb
<%= javascript_tag nonce: content_security_policy_nonce do %>
 // your javascript
<% end %> 
``` 
to make this work with 
```ruby
Rails.application.configure do
  config.content_security_policy_nonce_generator = ->(_request) { SecureRandom.base64(16) }
  config.content_security_policy_nonce_directives = %w[script-src]
end
```
Otherwise you'll need
```rb
Rails.application.configure do
  config.content_security_policy do |policy|
    policy.script_src(:unsafe_inline)
  end
end
```

Or just include some notes in the documentation.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Some functionality limited if you implement CSP #16

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Some functionality limited if you implement CSP #16

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions