Feature Name
Better support for CSP
Description
Currently the static sites generated by DocC contain a couple of inline scripts and styles. This does not work well with Content Security Policy (CSP) headers, which are required in certain environments and should be used by everyone. Inline scripts are especially bad, so ideally they should not be used at all. Nonce-based inline scripts are hard to use, as they require changing the file on each page load and additional server support. A hash-based approach would also work, but there would need to be a way of outputting the generated hashes for the inline scripts and styles. These could be generated alongside the page behind a flag. The easiest option is to just have the inline scripts and styles extracted into external files.
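To illustrate the hash-based option described above, here is an added example (not part of this issue or of DocC) that scans a generated HTML page for inline `<script>` and `<style>` blocks, computes the CSP `'sha256-...'` source expressions for each, and assembles a header that allows same-origin assets plus exactly those inline blocks. The HTML sample is constructed for the example and only stands in for DocC's real output.

```python
import base64
import hashlib
import re

# Constructed sample standing in for a DocC-generated index.html (not DocC's
# real output): one inline style, one inline script, plus external assets.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<style>body { margin: 0; }</style>
<script>var baseUrl = "/";</script>
<link rel="stylesheet" href="/css/index.css">
<script src="/js/index.js"></script>
</head><body></body></html>"""

# Match inline <script>/<style> elements. A <script src=...> is external and
# is already covered by 'self', so it is excluded via the negative lookahead.
_INLINE_RE = re.compile(
    r"<(script|style)(?![^>]*\bsrc=)[^>]*>(.*?)</\1>", re.DOTALL | re.IGNORECASE
)

def csp_hash(content: str, algo: str = "sha256") -> str:
    """Return the CSP source expression for one inline block.

    The hash covers the exact text between the opening and closing tag,
    including leading/trailing whitespace: browsers do not trim it, so any
    reformatting of the page after hashing invalidates the header.
    """
    digest = hashlib.new(algo, content.encode("utf-8")).digest()
    return f"'{algo}-{base64.b64encode(digest).decode('ascii')}'"

def inline_hashes(html: str) -> dict:
    """Collect hash source expressions, keyed by the CSP directive they feed."""
    out = {"script-src": [], "style-src": []}
    for tag, body in _INLINE_RE.findall(html):
        out[f"{tag.lower()}-src"].append(csp_hash(body))
    return out

def build_csp(html: str) -> str:
    """Build a CSP header value: same-origin assets plus the page's inline blocks."""
    hashes = inline_hashes(html)
    parts = ["default-src 'self'"]
    for directive in ("script-src", "style-src"):
        parts.append(" ".join([directive, "'self'", *hashes[directive]]))
    return "; ".join(parts)

if __name__ == "__main__":
    print("Content-Security-Policy: " + build_csp(SAMPLE_HTML))
```

Because the hashes are bound to byte-exact content, this only works if the tool emitting the pages also emits the hashes, which is why the issue asks for the output to be generated alongside the page rather than by a separate post-processing step.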
Motivation
Inline scripts are unsafe; we should make it easy to work with CSP to protect against this.
Importance
Important if you care about security, critical if you're trying to host DocC archives on a site with a CSP that blocks inline scripts as a company policy.
Alternatives Considered
N/A