Hello. I'm struggling with GWT vs CSP problem, specifically 'unsafe-inline' rule.
I have an application with several deferred modules, which are compiled and linked with 'xsiframe' or 'direct_install' linkers. And my problem is that linkers use ScriptTagLoadingStrategy, which uses callbacks and eventually appends (and then deletes) <script> tag to GWT iframe with inline javascript in it, which in the end violates 'unsafe-inline' rule. I've experimented with default linkers and found out that 'sso' (SingleScriptLinker) fixes the problem, but unfortunately it's not the case for me, as it not support several modules/fragments. So, I'm wondering maybe someone has already researched this problem or knows some kind of custom linker, which is using a different strategy to support CSP. Thank you in advance for any help or suggestion. Regards. -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/1113b24b-bcce-4d2e-b865-694512a9d6d2%40googlegroups.com.
