AlexisLeDain 61dfbf8846 fix: remove unsafe-inline from script-src in CSP example ...

'unsafe-inline' for script-src negates XSS protection from CSP.
Removed it from the security headers example in quarkus-security
and all locale copies. Kept 'unsafe-inline' for style-src only
(commonly needed by CSS frameworks) with a comment recommending
nonces where possible.

2026-04-08 22:28:46 +02:00

..

SKILL.md

fix: remove unsafe-inline from script-src in CSP example

2026-04-08 22:28:46 +02:00