Ask HN: Why is unsafe-eval in the CSP still a thing in modern sites?

Y	Hacker News new \| ask \| show \| jobs

	Ask HN: Why is unsafe-eval in the CSP still a thing in modern sites?
	2 points by jskherman 779 days ago
	I was looking over OpenAI's blog[^1] and decided to inspect the HTML just now. I noticed that in the logged issues that OpenAI has unsafe-eval in their Content Security Policy (CSP). Why is this even allowed in modern websites when this leaves the site vulnerable? [^1]: https://openai.com/blog