In current state, there is one inline script in index.html
https://github.com/Upload/Up1/blob/master/client/index.html
which force the following CSP
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self'; style-src 'self';";
it would be nice to move it to a js (separate or existing) in order to remove the unsafe-inline part.
In current state, there is one inline script in index.html
https://github.com/Upload/Up1/blob/master/client/index.html
which force the following CSP
it would be nice to move it to a js (separate or existing) in order to remove the unsafe-inline part.