A client-required CSP that removes ‘unsafe-inline’ causes the site to not function.
I’ve seen other forum post replies saying that Pro and Cornerstone would not require ‘unsafe-inline’ to function.
I’ve read about nonce and hash techniques, but the number of inlne code used on the site in question is substantial. It uses many Classic Elements as it’s an older site - not sure if that would affect things.
Without deconstructing plugins to separate out the javascript, how is anyone removing ‘unsafe-inline’ while using WordPress, Pro and Cornerstone?