Question about CSP
#455
-
|
I couldn't find a statement about a Content Security Policy. I usually have a very tight CSP that basically disallows almost everything. It's the last line of defence. Ideally I'd like to keep it that way but maybe I would need to open up the CSP for datastar to work? I'm assuming there's some use of Thanks. |
Beta Was this translation helpful? Give feedback.
Answered by
bencroker
Jan 5, 2025
Replies: 1 comment 1 reply
-
|
Yes, to use <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-eval';"> |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
@bencroker Thanks. |
Beta Was this translation helpful? Give feedback.
Answer selected by
bencroker
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Yes, to use
data-*expressions requiresunsafe-evalat the very least. Added to the docs in #456.