Hi,
We are trying to enable Content-Security-Policy using a meta header in our app running @xbs/webix-pro@8.x.
Already set environment variables to
window.webix_strict = true; | webix.env.strict = true;
as suggested here and here
However, Webix still seems to apply some inline css internally in order to render styling in datatables and similar views, and requires setting unsafe-inline
keyword in style-src
.
Could you please provide guidelines on how to correctly use Webix without having to set unsafe-inline
or unsafe-eval
keywords for scripts and styles in the CSP?
Thanks.