Hi! CSP question: "Changing the

script-src

directive in your CSP is only required if you are writing custom JavaScript in the Visual Editor." Does this apply to any JS scripts, and is there a workaround for it?

unsafe-inline

and

unsafe-eval

are not considered safe, and our security team has prohibited their usage.

Hi Mario, it only applies if you are writing Custom JS inside of the Visual Editor. It's a feature we offer for running JavaScript from the Visual Editor. If you don't use that feature, you should be okay