We implemented Phonebook CSP using style-src: unsafe-inline because we didn't have any active development at the time. Let's fix that by removing all inline styles and then remove unsafe-inline from the CSP headers. This will result in a score boost from the HTTP Observatory.
https://github.com/mozilla/phonebook/pull/48 merged for testing on phonebook-dev.
phonebook-dev.allizom.org has been updated with the above pull request and no longer has style-src: unsafe-inline, for testing purposes.
Deployed and verified in production. CHG0010835
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED
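A check of the kind that can precede the change discussed in this bug, as an added example (not code from the Phonebook repository or the linked pull request): it reports whether a CSP header still permits inline styles and lists the markup that would stop rendering once `'unsafe-inline'` is dropped. The function names, header strings and HTML are constructed for illustration, and only `style-src` and its `default-src` fallback are examined.

```python
from html.parser import HTMLParser

def style_sources(csp_header):
    """Return the source list governing styles: style-src, else default-src, else None."""
    directives = {}
    for part in csp_header.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers, so the first one wins.
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives.get("style-src", directives.get("default-src"))

def allows_inline_styles(csp_header):
    sources = style_sources(csp_header)
    if sources is None:
        return True  # neither directive present: styles are unrestricted
    if "'unsafe-inline'" not in sources:
        return False
    # Browsers ignore 'unsafe-inline' when a nonce or hash source is also listed.
    strict = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
    return not any(s.startswith(strict) for s in sources)

class InlineStyleFinder(HTMLParser):
    """Collects <style> elements and style="" attributes with their line numbers."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        if tag == "style":
            self.findings.append((line, "<style> element"))
        if any(name == "style" for name, _ in attrs):
            self.findings.append((line, f"style attribute on <{tag}>"))

def find_inline_styles(html):
    finder = InlineStyleFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample data, not taken from the Phonebook deployment.
SAMPLE_BEFORE = "default-src 'self'; style-src 'self' 'unsafe-inline'"
SAMPLE_AFTER = "default-src 'self'; style-src 'self'"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/style.css">
<style>.hidden { display: none; }</style>
</head><body>
<div style="color: red">error</div>
</body></html>"""
```

An empty result from `find_inline_styles` over every rendered template is the condition for safely shipping the stricter header; styles set from JavaScript via `element.style` are not inline styles in the CSP sense and are not flagged.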