Possibility of removing unsafe-* information in Content Security Policy (CSP) in CSB.
Does the presence of “unsafe-inline” and “unsafe-eval” keywords mean there is a security violation.
SAP SuccessFactors Recruiting Marketing
As per Engineering and Product Management, even though the Content Security Policy (CSP) includes unsafe-* information, these do not constitute a vulnerability in the system.
Removing these would require a refactor of the code which is not planned at this point.
Any revision in this decision will be updated in this KBA.
3044364 - Enabling Content Security Policy for RMK Site - Recruiting Marketing
Content Security Policy, unsafe, vulnerability, CSB, Recruiting Marketing, Header , KBA , LOD-SF-RMK-CSB , Career Site Builder , How To