-
Story
-
Resolution: Done
-
Critical
-
None
-
None
-
None
-
None
Console HTML index template contains an inline script tag used to set up SERVER_FLAGS and visual theme config.
This inline script tag triggers a CSP violation at Console runtime (see attachment for details).
The proper way to address this error is to allow this script tag - either generate a SHA hash representing its contents or generate a cryptographically secure random token for the script.
AC:
- There is no CSP violation reported for inline script tag.