I am required to utilise a robust Content Security Policy (CSP). However, it seems that Layer Slider requires the unsafe-inline and unsafe-eval values under the script-src directive to function.
Thank you for getting in touch with us! Sorry for the inconvenience but it is not possible to change this because that's how our plugin works. Most plugins currently work this way (inline codes), specifically some features of WordPress as well. The unsafe eval is necessary so that they cannot steal the code, on the other hand it is performance efficient in terms of loading.
Hi!
I am required to utilise a robust Content Security Policy (CSP). However, it seems that Layer Slider requires the unsafe-inline and unsafe-eval values under the script-src directive to function.
How can this be overcome please?
Thank you
Leigh
Hello Leigh,
Thank you for getting in touch with us!
Sorry for the inconvenience but it is not possible to change this because that's how our plugin works. Most plugins currently work this way (inline codes), specifically some features of WordPress as well. The unsafe eval is necessary so that they cannot steal the code, on the other hand it is performance efficient in terms of loading.
Best Regards,
Andrea | Kreatura Support Team
Is it possible to utilise the nonce or hash parameters to avoid using unsafe-inline and unsafe-eval?
Hello Leigh,
Thank you for your feedback!
Your tip is very good, the dev team will look into the possibility of offering a solution in a future update.
Best Regards,
Andrea | Kreatura Support Team