Parse Dashboard has Insecure Content Security

[dblythy]

New Issue Checklist

• I am not disclosing a vulnerability.
• I am not just asking a question.
• I have searched through existing issues.
• I can reproduce the issue with the latest versions of Parse Server and Parse Dashboard.

Issue Description

Parse Dashboard cannot work with secure CSPs as the dashboard uses inline scripts, styles, etc.

Steps to reproduce

Create an express app with strict CORS, and mount dashboard

Actual Outcome

Lots of CORS errors

Expected Outcome

No cors

Related:

https://community.parseplatform.org/t/parse-dashboard-5-0-0-insecure-contentsecuritypolicy-csp/3121
https://community.parseplatform.org/t/dashboard-site-being-flagged-as-unsafe-by-google-safe-browsing/2872/13

Environment

Dashboard

• Parse Dashboard version: FILL_THIS_OUT
• Browser (Safari, Chrome, Firefox, Edge, etc.): FILL_THIS_OUT
• Browser version: FILL_THIS_OUT

Server

• Parse Server version: FILL_THIS_OUT
• Operating system: FILL_THIS_OUT
• Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): FILL_THIS_OUT

Database

• System (MongoDB or Postgres): FILL_THIS_OUT
• Database version: FILL_THIS_OUT
• Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): FILL_THIS_OUT

Logs

[parse-github-assistant]

Thanks for opening this issue!

• ❌ Please fill out all fields with a placeholder FILL_THIS_OUT, otherwise your issue will be closed. If a field does not apply to the issue, fill in n/a.