Hi There,
I tried to remove the values, 'data:', 'unsafe-inline' and 'unsafe-eval' from script-src in Content Security Policy as given in Hide/remove unsafe-inline, unsafe-eval and Server version from response header.
My web app's javascripts (All the dynamic / reactive part of the app) like stops working.
Is it mandatory to have those values tagged to script-src for outsystems web app to work properly?
Hello Victor,
Have you tried setting 'self' as the value for 'unsafe-inline' and 'unsafe-eval'?
You can do it via OS Lifetime;
https://success.outsystems.com/documentation/11/managing_the_applications_lifecycle/secure_the_applications/apply_content_security_policy/
This should help
Kind regards
Hi Tayyip,
I have tried. It does not work.