fix(csp): get rid of unsafe scripts and styles

[dargmuesli]

Currently, our content security policy must allow unsafe scripts and styles because of Nuxt and Tailwind. Therefore the X-XSS-Protection security header is currently set to 1; mode=block instead of 0 as well.

All insecure csp properties should be removed once Nuxt & Tailwind allow to do so and the security header should be set back to 0.

• CSP support nuxt/nuxt#11793

Also:

• feat: link script in head for CSP 'self' compliance in v3 nuxt-modules/color-mode#266
• Support for nonce or hash value [enhancment] nuxt/image#1011

[surgiie]

Any update on this?

[dargmuesli]

What exactly are you asking about? The relevant upstream issues are linked above for you.

[surgiie]

What exactly are you asking about? The relevant upstream issues are linked above for you.

Apologies, meant to comment upstream. Ignore.