AnsweredAssumed Answered

CSP for RSA Authentication Agent's Default templates

Question asked by Tomasz Wrobel on Oct 27, 2017

The default templates of the current version of RSA Authentication Agent 7.1.4 for Web for Apache Web Server require adding:


script-src 'unsafe-inline'


in Content-Security-Policy.


Can you provide ultimate list of every inline scripts used (or their hashes) so sha256-XXXX can be used in order to disallow running not authorized inline scripts?