I'm having an application with kibana dashboards embedded in iframe. The application is proxied by Nginx, with an additional Apache front-end.
My goal is to come up with a CSP without unsafe-hashes, unsafe-inline, unsafe-eval, ...
I tried to follow the related issues, but couldn't find an answer to this question: what is the minimum version that allows kibana to work properly without the need of any unsafe-* source in CSP?
Thank you in advance,