3069320 - Removing of unsafe-* information in Content Security Policy (CSP) header - Recruiting Marketing

Possibility of removing  unsafe-* information in Content Security Policy (CSP) in CSB.
Does the presence of “unsafe-inline” and “unsafe-eval” keywords mean there is a security violation.

SAP SuccessFactors Recruiting Marketing

As per Engineering and Product Management, even though the Content Security Policy (CSP) includes unsafe-* information, these do not constitute a vulnerability in the system.
Removing these would require a refactor of the code which is not planned at this point.
Any revision in this decision will be updated in this KBA.

3044364 - Enabling Content Security Policy for RMK Site - Recruiting Marketing

Content Security Policy, unsafe, vulnerability, CSB, Recruiting Marketing, Header , KBA , LOD-SF-RMK-CSB , Career Site Builder , How To