I recently started to check some Content-Security-Policy settings on our server and, to my big surprise, noticed that I can’t use Cesium anymore. As soon as I set
Content-Security-Policy script-src 'self'
the viewport does not come up and instead the browser throws an error:
Adding 'unsafe-eval' to the settings would be possible in theory, but is basically an absolute no-go security-wise.
I searched a bit and found posts saying one should disable all Cesium widgets. Fine for me, as we don’t use them. However, it doesn’t solve the issue. The error still appears.
Is there any way to run Cesium in a rather secure way?
Thanks in advance,