I’m deploying my SapperJs website on Netlify.
I wanted to apply good security practices by settings headers but the framework is using inline js and eval. To set headers, they recommend to use HelmetJs and add a nonce: https://sapper.svelte.dev/docs#Content_Security_Policy_CSP
After doing that, it was working on local but saw that Netlify block my configuration for his own configuration: https://docs.netlify.com/routing/headers/
I was wondering how to bypass the Netlify configuration and allow it to forward was I set with HelmetJS.
Thanks for your help !