Your LimeSurvey version: LimeSurvey Community Edition Version 6.4.5+240205 Own server or LimeSurvey hosting: Own server
==================
I need to customize our CSP for LimeSurvey and want to make sure that everything continues to work smoothly. Can anyone confirm if LimeSurvey will work properly if I make the following settings?
Content-Security-Policy "frame-ancestors 'self';"
Implement directives that set valid and complete source restrictions for loading dynamic content (script-src, object-src, default-src)
Avoiding the use of unsafe directives such as 'unsafe-eval' and 'unsafe-inline
Avoid typos or otherwise invalid CSP directives.
Avoid wildcards, host-based allowlists or bare URL schemes such as 'HTTP' in source code directives
