Hi, as part of the server change I upend the security settings i.e. TLSv1.3 etc. One of the things I struggled is to get the Content Security Policy (CSP) settings defined for x3 as I don't know all the dependencies. Specifically for script-src and style-src I could only get it to work with the following settings:
script-src * 'unsafe-inline' 'unsafe-eval'
style-src * 'unsafe-inline' 'unsafe-eval';
The problem is that the * wildcard and 'unsafe-inline' and 'unsafe-eval' is considered an unsafe implementation of CSP (https://developer.mozilla.org/en-US/doc ... ity-Policy).
The question would be 1) what are the (external) sources for JavaScript <script> elements of X3? and 2) what (external) sources for stylesheets are being used by X3?