Hi,
I am trying to understand the impact on APEX in case a customer required the implementation of Content Security Policy Headers for all the web applications in its domain.
In particular I'd like to understand the limitations of these policies, because there is a significant portion of inline JavaScript which is automatically generated by APEX and I suspect that it would be difficult to fulfill certain requirements if the customer was to choose some restrictive settings.
I am really no expert on this topic, has anyone any experience on this subject, in particular any of Oracle APEX development team can shed some thoughts on this subject?
Thank you.
Flavio