In order to make the web vault publicly accessible, I use nginx as reverse proxy.
However, I noticed that - with enabled CSP headers - some of the functionallity gets lost, i.e. some buttons won’t work at all.
It took me a while to find what was going on, but finally the network tab in the developer settings of my browser showed me something like
Refused to execute inline script because it violates the following Content Security Policy directive
Is there a nice way to enable CSP headers in my proxy config and still be able to use all features?
Until now, I manually added each script’s hash as an exception to the CSP header, however, this is highly susceptible to changes to the script in question in future releases.