You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We use "style-src" : {"'unsafe-inline'"} in our APP_DEFAULT_SECURE_HEADERS.
This happens for all invenio products.
This is potentially dangerous and we should check for implications (in regards to XSS) and alternatives for this.
Initially discussed here
We use
"style-src" : {"'unsafe-inline'"}in ourAPP_DEFAULT_SECURE_HEADERS.This happens for all invenio products.
This is potentially dangerous and we should check for implications (in regards to XSS) and alternatives for this.
rdm cookiecutter
https://github.com/inveniosoftware/cookiecutter-invenio-rdm/blob/4e50881575614e68ef5494af7237687831e583f5/%7B%7Bcookiecutter.project_shortname%7D%7D/invenio.cfg#L60C4-L60C5
cds rdm
https://github.com/CERNDocumentServer/cds-rdm/blob/c666912ed2ce990a59fedc3951db14014c609835/invenio.cfg#L109