WakaTime: Unsafe Inline and Eval CSP Usage

Hi Team, The HTTP header of the wakatime.com website includes an unsafe CSP parameter for "script-src". Impact: However, the "script-src" parameter is set to "unsafe-inline" or "unsafe-eval", which allows injection of user passed values, which in result can be misused for Cross-Site Scripting...