When I open *.docx file from my site and press 'back', safari changes CSP to default-srcx-apple-ql-id: 'unsafe-inline'.
Site uses Angular and Kendo UI. Both use unsafe eval (can turn it off for angular with ngCsp directive, but I can't find same solution for Kendo).
I've tried to add <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline' 'unsafe-eval'"> and same response header, but it didn't help.
How can I force safari to use correct CSP?
Aucun commentaire:
Enregistrer un commentaire