Content Security Policy produces a javascript error.

sfeldkamp

If you add the "Strict Baseline" or "Report CSP Violations" Content Security Policy it produces a javascript error on every page load. Is this working as designed?

james

Hello @sfeldkamp
Please provide more details.

• Cloudron Version
• Gitea app version
• what are you configuring
• what logs are visible in the web log viewer

nebulon

many apps require browser features like javascript eval() for example which would be blocked with the strict rules. This does not automatically mean the app is insecure or so, blindly applying those rules without understanding the apps does not add much benefit there. There are various ways apps can protect unsafe operations besides csp rules.

If you are curious about gitea usage here, you can try to tweak them to narrow down the issue or ask upstream.