'unsafe-inline' is generally still used and set in CSP; however, we have to move to using a nonce or hash instead, which, according to the documentation, is not yet supported for Auto Injection.
01 Jun 2021 11:12 AM - edited 01 Jun 2021 11:13 AM
Any pointers on how to correctly define the CSP for Agentless RUM manual insertion of Managed are highly appreciated, taking into account that the URLs of the Cluster ActiveGates behind a LB+WAF are within the customer's own domain.
A "Content-Security-Policy: default-src 'self' trusted.com *.trusted.com" is conceivable if the CAGs reside at cag.trusted.com? What if the use of a hash or nonce is demanded?
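
A sketch of a nonce-based and a hash-based policy for the scenario in the post, added here as an example and not taken from the post or from Dynatrace documentation. It assumes the manually inserted tag is an inline script plus a script file served from cag.trusted.com over HTTPS, and that beacons go to the same host; the snippet text, file name and helper names are constructed placeholders.

```python
import base64
import hashlib
import re
import secrets

CAG = "https://cag.trusted.com"  # host from the post; scheme is an assumption
# Constructed stand-ins for the manually inserted tag (not real snippet content).
INLINE_JS = "window.rumPlaceholder={app:'APP_ID_PLACEHOLDER'};"
PAGE = (f"<html><head><script>{INLINE_JS}</script>"
        f'<script src="{CAG}/PLACEHOLDER.js"></script></head><body></body></html>')


def hash_source(inline_js: str) -> str:
    """CSP hash source for an inline script; valid only while the text is byte-identical."""
    digest = hashlib.sha256(inline_js.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def build_csp(script_token: str) -> str:
    """Policy without 'unsafe-inline': inline code runs only if it matches the token."""
    return "; ".join([
        "default-src 'self'",
        f"script-src 'self' {CAG} {script_token}",  # script file from the ActiveGate host
        f"connect-src 'self' {CAG}",                # assumed: beacons go to the same host
    ])


def stamp_nonce(html: str, nonce: str) -> str:
    """Add the nonce to each <script> tag of a trusted template that has none yet."""
    pattern = re.compile(r"<script\b(?![^>]*\bnonce=)", re.IGNORECASE)
    return pattern.sub(lambda m: f'{m.group(0)} nonce="{nonce}"', html)


def render_with_nonce(template: str) -> tuple[str, str]:
    """Return (CSP header value, body) with a fresh nonce for this one response."""
    nonce = base64.b64encode(secrets.token_bytes(16)).decode("ascii")
    return build_csp(f"'nonce-{nonce}'"), stamp_nonce(template, nonce)


def render_with_hash(template: str) -> tuple[str, str]:
    """Return (CSP header value, unchanged body) for a static inline snippet."""
    return build_csp(hash_source(INLINE_JS)), template


if __name__ == "__main__":
    for render in (render_with_nonce, render_with_hash):
        csp, body = render(PAGE)
        print("Content-Security-Policy:", csp)
        print(body, end="\n\n")
```

The nonce variant requires the page to be rendered per request (a cached page would reuse the nonce), while the hash variant suits static pages but must be recomputed whenever the inline snippet text changes, including whitespace.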