Blazor WASM PWA application is being built using .Net core 8.0 with Radzen 3.20.12 components library.
We are using Veracode to identify and prevent vulnerabilities in the application code, Dynamic analysis scan reported below flaw:
Inclusion of Functionality from Untrusted Control Sphere (CWE ID 829 - the application contains unsafe Content-Security-Policy (CSP) directives that could allow malicious script code to be included on the page
Recommending to: remove the unsafe CSP directives after ensuring any script code necessary to site functionality is invoked in a safe manner.
Is this addressed in newer version?