SDM (Super Dev Mode) does not work with a strong CSP (Content Security Policy)
lgemeinhardt opened this issue · comments
SDM (Super Dev Mode) does not work with a strong CSP (Content Security Policy)
GWT version: 2.11.0
Description
SDM does not work with a CSP, that does not allow "unsafe-inline", because the "dev_mode_on.js" contains some inline javascript call:
result.setAttribute('href', 'javascript:' + encodeURIComponent(javascript));
Steps to reproduce
Enable CSP w/o "unsafe-inline" and try to use SDM.
Known workarounds
Disable CSP or allow "unsafe-inline".