Symptom
Can the unsafe-* keywords be removed from the Content Security Policy (CSP) in CSB?
Does the presence of the “unsafe-inline” and “unsafe-eval” keywords mean there is a security violation?
Environment
SAP SuccessFactors Recruiting Marketing
Resolution
According to Engineering and Product Management, even though the Content Security Policy (CSP) includes the unsafe-* keywords, they do not constitute a vulnerability in the system.
Removing them would require refactoring the code, which is not planned at this point.
Any revision of this decision will be reflected in this KBA.
See Also
3044364 - Enabling Content Security Policy for RMK Site - Recruiting Marketing
Keywords
Content Security Policy, unsafe, vulnerability, CSB, Recruiting Marketing, Header, KBA, LOD-SF-RMK-CSB, Career Site Builder, How To