Bootstrap v4 breaks Content-Security-Policy compared to Bootstrap v3
Created by: yahesh
As it seems, Bootstrap v4 is now using "data:image/svg+xml" background-urls which leads to errors when using a Content-Security-Policy like default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style
. In order to be able to migrate from Bootstrap v3 to Bootstrap v4 one would have to weaken the Content-Security-Policy protection.
IMHO that's a regression.