Feature: Add SAML JavaScript to External Resource
Description: There is JavaScript on /samlp/resume that will auto-POST the form. A CSP policy that prevents inline scripts from executing negatively impacts this. Adding to an external script will allow the domain to be added to the CSP configured on our proxy.
There are other implementation options (nonce, hash) but externalizing the resource may be the most straightforward. Alternatively, consider formalizing the script hash in documentation. This way, clients could, with confidence, choose to add the hash to the CSP.
Use-case: Allow us to implement a better CSP policy on the Auth0 proxy.