⚖ 'unsafe-eval' in worker-src / child-src does not work, it must be specified in script-src; the worker-src directive covers only the worker creation, the executing of worker's script is controlled by other
On Cross-Site Scripting and Content Security Policy
How to fix 'because it violates the following content security policy directive'
Debugging and setting the Content Security Policy in the CSP header and meta tag; debug via browser console, via violation reports and SecurityPolicyViolation event; why the CSP header is truncated
Improving Web Security with the Content Security Policy - SitePoint
Safari only bug: 'script-src' contains an invalid source: ''strict-dynamic''. It will be ignored. · Issue #397 · google/google-api-javascript-client · GitHub
Recording #94
Setting up Content-Security-Policy for Atlassian p...
Debugging and setting the Content Security Policy in the CSP header and meta tag; debug via browser console, via violation reports and SecurityPolicyViolation event; why the CSP header is truncated
Content Security Policy with Google Analytics & Tag Manager | Bounteous
Optimizely's Content-Security-Policy Journey | by Ola Nordstrom | Engineers @ Optimizely | Medium
⚖ Browsers support for the Content-Security-Policy worker-src directive to control the SharedWorker(), Worker() and navigator.serviceWorker.register() functions; unrecognized Content Security Policy directive worker-src