Is unsafe-eval required for script-src in the content-security-policy for Kibana 6.7.1?

Hi @LizaD - Thank you for the quick reply. I already reviewed that post before I raised my question - it unfortunately does not address my question.

What I'd like to do is to set the csp.rules parameter in the kibana.yml file to no longer have unsafe-eval for script-src - to make it more secure:

https://www.elastic.co/guide/en/kibana/6.7/settings.html

However, I do not know whether removing unsafe-eval from script-src will cause any issues with the list of Kibana functions below:

  • Discover
  • Visualize
  • Dashboard
  • Timelion
  • Alerting
  • Dev Tools
  • Management
  • Security