I manage an ASP.NET based solution, currently targeting .NET 4.7, and am getting increasing pressure to make the solution compatible with Content Security Policy header. Most notably, however, the requests specifically do not want to have to enable
unsafe features (unsafe-inline, unsafe-eval, etc).
So many ASP.NET features render inline script and inline style, I'm just not seeing a way to support this without a re-write. Is there some page compatibility setting I'm just missing?
--Chad