Ask HN: Why is unsafe-eval in the CSP still a thing in modern sites?
I was looking over OpenAI's blog[^1] and decided to inspect the HTML just now. I noticed that in the logged issues that OpenAI has unsafe-eval in their Content Security Policy (CSP). Why is this even allowed in modern websites when this leaves the site vulnerable?
[^1]: https://openai.com/blog
No comments yet.