Hi guys,
im searching for a better CSP then this one i use at the moment for apache:
Header set Content-Security-Policy "default-src 'none'; script-src http://seafile.com/ https://www.seafile.com/ 'self' 'unsafe-inline' 'unsafe-eval'; img-src blob: https://[domain].[tld] 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; style-src 'self' 'unsafe-inline';"
I think it could be more fine grained then this.