Trying to include the Adobe Viewer with
<script type="text/javascript">
document.addEventListener("adobe_dc_view_sdk.ready", function(){
and activating the content security policy with the Apache configuration
Header always set Content-Security-Policy "script-src 'self' documentcloud.adobe.com"
without 'unsafe-inline' results in the following error message in Safari:
"Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy."
How can I get the script running without using 'unsafe-inline'?