CLI: Add CSP to output index.html to prevent XSS attacks #1484

Open
@tigerros

Description

Specific Demand

The CLI knows all the scripts that are loaded into the app. That is, the app itself and scripts included in Dioxus.toml. We can generate a SHA256/384/512 from them, and include that in the CSP.

Implement Suggestion

This works for me (I tested this on a bundled build, so it's just one JS file and one SHA):

```html
<meta http-equiv="content-security-policy" content="object-src 'none'; script-src 'self' 'sha256-BASE64_SHA256_JS'" />
```
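As an added worked example (my own code, not the Dioxus CLI's), the following shows how the hash-source in the policy above is derived from a script's bytes and how a build step can self-check that each shipped file still matches the emitted hash; the bundle contents are constructed. Note that in CSP Level 3 a hash-source only matches an external script whose `<script>` tag carries a matching `integrity` attribute, so it is `'self'` that admits the bundled file itself, while the hash pins inline scripts and SRI-tagged files.

```python
import base64
import hashlib
import re

# Hash algorithms CSP accepts in a hash-source expression.
CSP_HASH_ALGOS = {"sha256", "sha384", "sha512"}

def csp_hash_source(script: bytes, algo: str = "sha256") -> str:
    """Return a CSP hash-source such as 'sha256-<base64 digest>' for one script body.

    The digest covers the exact bytes served: any change to the file, even
    whitespace, yields a different hash and the browser refuses to run it.
    """
    if algo not in CSP_HASH_ALGOS:
        raise ValueError(f"unsupported CSP hash algorithm: {algo}")
    digest = hashlib.new(algo, script).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"

def build_csp(scripts: list[bytes], algo: str = "sha256") -> str:
    """Build the policy string that goes into the meta tag's content attribute."""
    sources = " ".join(f"'{csp_hash_source(s, algo)}'" for s in scripts)
    return f"object-src 'none'; script-src 'self' {sources}"

def csp_meta_tag(scripts: list[bytes], algo: str = "sha256") -> str:
    """Render the <meta> element the CLI would emit into index.html."""
    return f'<meta http-equiv="content-security-policy" content="{build_csp(scripts, algo)}" />'

def script_allowed_by_hash(csp: str, script: bytes) -> bool:
    """Mirror the browser's check: does some hash-source in script-src match this body?

    Intended as a build-time self-test that the emitted hashes correspond to the
    files actually being shipped, so a stale or tampered bundle is caught early.
    """
    directive = next((d.strip() for d in csp.split(";")
                      if d.strip().startswith("script-src")), "")
    allowed = re.findall(r"'((?:sha256|sha384|sha512)-[A-Za-z0-9+/=]+)'", directive)
    return any(csp_hash_source(script, h.split("-", 1)[0]) == h for h in allowed)

# Constructed sample: what a bundled app's single JS file might contain.
SAMPLE_BUNDLE_JS = b"import init from './assets/dioxus/app.js';\ninit();\n"

if __name__ == "__main__":
    policy = build_csp([SAMPLE_BUNDLE_JS])
    print(csp_meta_tag([SAMPLE_BUNDLE_JS]))
    print(script_allowed_by_hash(policy, SAMPLE_BUNDLE_JS))           # True
    print(script_allowed_by_hash(policy, SAMPLE_BUNDLE_JS + b"//x"))  # False
```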
