In my experience, the header below, when enabled, blocks inline script on the page.
Content-Security-Policy: default-src 'self'.
Why is inline code not considered "self"?
I know I can use nonce or other work arounds to allow inline, or move to external files. I'm just interested to know why inline code isn't considered self.
Hope that makes sense
Juan Pablo Isaza