What information was incorrect, unhelpful, or incomplete?
Report shows
Content Security Policy (CSP) implemented without 'unsafe-inline' or 'unsafe-eval'
for
default-src 'self'; base-uri 'none'; img-src 'self' data:; style-src 'nonce-XXX' 'unsafe-inline' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; script-src 'nonce-XXX' 'report-sample'; form-action 'self'; frame-ancestors 'self'; connect-src 'none'; object-src 'none'; upgrade-insecure-requests; report-uri https://<DOMAIN>/@http-reporting?csp=report&requestTime=XXX&requestHash=XXX
What did you expect to see?
The message
Content Security Policy (CSP) implemented with unsafe sources inside style-src. This includes 'unsafe-inline', data: or overly broad sources such as https. 'form-action' is set to 'self', 'none' or 'specific source'
Do you have any supporting links, references, or citations?
No response
Do you have anything more you want to share?
No response
What information was incorrect, unhelpful, or incomplete?
Report shows
for
default-src 'self'; base-uri 'none'; img-src 'self' data:; style-src 'nonce-XXX' 'unsafe-inline' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; script-src 'nonce-XXX' 'report-sample'; form-action 'self'; frame-ancestors 'self'; connect-src 'none'; object-src 'none'; upgrade-insecure-requests; report-uri https://<DOMAIN>/@http-reporting?csp=report&requestTime=XXX&requestHash=XXXWhat did you expect to see?
The message
Do you have any supporting links, references, or citations?
No response
Do you have anything more you want to share?
No response