[jitsi-dev] Jitsi meet: Content Security Policy http header


#1

Hello,

While reviewing an Ansible role for Jitsi Meet, I tried to add security HTTP
headers to the nginx configuration,
like this:
https://github.com/juju4/ansible-role-jitsi-meet/blob/master/templates/jitsi_meet_nginx.conf.j2#L29

add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' http://www.w3.org http://schema.org http://ogp.me; font-src 'self'; ";

The inline configuration of the welcome page requires unsafe-inline and
app.bundle.js requires unsafe-eval.
Is there a way to remove those requirements?

Thanks

J
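
Added example (not part of the original post, and not Jitsi or nginx code): a small audit that parses the policy quoted above and lists the relaxations a reviewer would want to track, including the two script-src keywords the post asks about. The function names parse_csp and audit are hypothetical.

```python
# Added example: the policy string is copied from the post above; the
# function names (parse_csp, audit) are hypothetical, not from Jitsi or nginx.
POLICY = (
    "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
    "connect-src 'self'; img-src 'self'; "
    "style-src 'self' http://www.w3.org http://schema.org http://ogp.me; "
    "font-src 'self'; "
)

# Fetch directives that fall back to default-src when they are absent.
FETCH_DIRECTIVES = ("script-src", "style-src", "img-src", "connect-src",
                    "font-src", "object-src", "media-src")
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(policy):
    """Return {directive: [sources]}; a repeated directive is ignored, as in browsers."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:  # skip the empty segment left by a trailing ';'
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit(policy):
    """Return a sorted list of (directive, source, reason) relaxations."""
    directives = parse_csp(policy)
    findings = []
    for name in FETCH_DIRECTIVES:
        # An absent fetch directive inherits the default-src source list.
        sources = directives.get(name, directives.get("default-src", []))
        lowered = [s.lower() for s in sources]
        strict = any(s.startswith(NONCE_OR_HASH) for s in lowered)
        for src in lowered:
            if src == "'unsafe-inline'" and not strict:
                # With a nonce or hash present, browsers ignore 'unsafe-inline'.
                findings.append((name, src, "inline code allowed"))
            elif src == "'unsafe-eval'":
                findings.append((name, src, "eval() and similar allowed"))
            elif src == "*" or src.startswith("http:"):
                findings.append((name, src, "wildcard or cleartext source"))
    return sorted(findings)


if __name__ == "__main__":
    for directive, source, reason in audit(POLICY):
        print(f"{directive}: {source} -> {reason}")
```

Run against the policy from the post, it reports the two script-src keywords and the three http:// entries in style-src; object-src and media-src inherit 'none' from default-src and produce no finding.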