CSP headers: remove unsafe-inline #137

@alextreme

Thema / Theme

API

Omschrijving / Description

In the CSP headers we currently have unsafe-inlines:

CSP_STYLE_SRC = CSP_DEFAULT_SRC + [

This was introduced last year with some urgency after initially adding admin CSP headers, due to breaking various admin/redoc functionality in our components:

open-zaak/open-notificaties#190
#68

Original request from AMS:

#42

Client would like to revisit this and remove the unsafe-inlines for OZ, OK, ON, Obj, OT. And also OAB, but this component doesn't use OAF afaik.

Aanvullende opmerkingen / Additional context

This time we should tackle this on a component-by-component basis, and only after approval and release of one component apply this more broadly. This is to avoid the overhead we had last time, when this was done across the board and had to be redone.
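
A check that could support the component-by-component rollout described in this issue, added here as an example (not code from the issue or from the project): it parses a Content-Security-Policy header value and reports whether `script-src` or `style-src` still effectively permit inline code, including the `default-src` fallback. The function names and the sample header values are constructed for illustration.

```python
# Added example: audit a Content-Security-Policy header for effective 'unsafe-inline'.
# Sample header values are constructed; CSP3 -elem/-attr directives are not handled.

INLINE_DIRECTIVES = ("script-src", "style-src")  # both fall back to default-src
OVERRIDES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def unsafe_inline_findings(header):
    """Return {directive: reason} where inline script/style is still permitted."""
    policy = parse_csp(header)
    findings = {}
    for directive in INLINE_DIRECTIVES:
        source = directive if directive in policy else "default-src"
        if source not in policy:
            findings[directive] = "unrestricted: no directive and no default-src"
            continue
        values = [v.lower() for v in policy[source]]
        if "'unsafe-inline'" not in values:
            continue
        # In CSP Level 2+ browsers a nonce or hash source disables 'unsafe-inline'.
        if any(v.startswith(OVERRIDES) for v in values):
            continue
        findings[directive] = (
            "set explicitly" if source == directive else "inherited from default-src"
        )
    return findings


SAMPLES = {  # constructed header values
    "style_inline": "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'",
    "inherited": "default-src 'self' 'unsafe-inline'; img-src 'self' data:",
    "nonce": "default-src 'self'; style-src 'self' 'unsafe-inline' 'nonce-cjEyMw=='",
    "target": "default-src 'self'; style-src 'self'; script-src 'self'",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, unsafe_inline_findings(header))
```

Running it against the response headers of the admin and redoc pages of one released component gives a pass/fail signal before the change is applied to the next component.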
