Content Security Policy (CSP) And Unsafe-* Directive With SP Page Builder Pro And Joomshaper Templates
Intelligent Media LTD
Hello!
We recently applied some improvements (security wised) on two of our clients were we had to update the CSP for both of them.
The issue we are facing is that either SP Page Builder Pro or Helix Ultimate/Konstra/Wimble templates are using inline JS code and inline CSS and in order to prevent facing issues (commonly shown on the console) we had to include unsafe-* directives (unsafe-inline, unsafe-eval) in client's CSP.
Is there a work around in order to completely avoid the usage of unsafe-* directives ?
Thank you in advance,
Mehtaz Afsana Borsha
Accepted AnswerHi
Thanks for contacting us and sorry for your issue. I have to talk about it with our DEV team. I will let you know then. Allow me some time please.
-Regards.
Intelligent Media LTD
Accepted AnswerHello!
Do you have any feedback/updates regarding the issue, from the DEV team?
Best regards.
Mehtaz Afsana Borsha
Accepted AnswerHi
I have talked with our DEV team, and they said that currently, there is no workaround for it. Maybe in future they will think about it.
Hope you understand.
Thanks.
jefferson
Accepted AnswerHello, I want to know if there is already a solution to this serious security issue. From what I see, there are quite a few users waiting for a fix, and I would like to know when we will receive an update to mitigate the problem.