Inspired by @garethheyes’ CSP bypass in PayPal, for the first time in 4 years, I found again that JS resources added by CloudFlare could introduce a CSP bypass.

https://t.co/lKccCfTo8a https://t.co/AYgCoC07bF