Hello! I am coding a Plugin to provide more flow metrics to Kanboard. I am using Google Charts. My charts were not being displayed due to restrictions of " Content Security Policy". After a long code review and by googling for a solution I realized that the app was setting up a configuration that was blocking both calls of outside libraries and the in-line scripts.
I have realized that “ClassProvider” class under “Kanboard\ServiceProvider” namespace sets the following:
$container['cspRules'] = array( //'default-src' => "'self'", //'style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:', );
I had to comment these lines in order to make my scripts been called.
With no comment, this blocks any call of in-line scripts and even putting the calls of SRC for outside scripts like so:
Does anyone knows how to tell Kanboard to change Content Security Policy configuration to let outside scripts working without updating its internal core code?