Ask HN: Why is unsafe-eval in the CSP still a thing in modern sites?

2 points by jskherman ↗ HN
I was looking over OpenAI's blog[^1] and decided to inspect the HTML just now. I noticed that in the logged issues that OpenAI has unsafe-eval in their Content Security Policy (CSP). Why is this even allowed in modern websites when this leaves the site vulnerable?

[^1]: https://openai.com/blog

0 comments

[ 4.2 ms ] story [ 7.8 ms ] thread

No comments yet.