content-security-policy header for a jsf, primefaces application

As JSF and Primefaces components result in inline scripts, it is difficult to configure the CSP header in its best configuration.

As JSF by design provides XSS protection, is it okay to not use CSP at all or what shall be the best CSP value for a JSF+Primefaces application?

Also, there is not much discussion/sample-code available on the topic on Internet [1][2]. Aren't JSF and Primefaces planning to provide easier implementation of CSP, as it is 'defense-in-depth', highly recommended header?

Solution

To enable it you may add the following context parameter to your web.xml:

<context-param>
<param-name>primefaces.CSP</param-name>
<param-value>true</param-value>

Add JSF Message From Spring Bean
Understanding PrimeFaces process/update and JSF f:ajax execute/render attributes
Java Primefaces Dependency Managed Bean
Display conditional popup in JSF
oncomplete attribute of h:commandLink / h:commandButton not invoked
Evaluating if MethodExpression attribute is set in composite component (getting PropertyNotFoundException)
PrimeFaces dialog closeDynamic not working
<h:message for="foo"> does not seem to work on <section id="foo">
Tooltip in the Column Header of a Primefaces Datatable
JSF Composite Components: Facet Content Not Rendering Through Nested Components
How to programmatically do JSF internal page forward?
Best way to add a "nothing selected" option to a selectOneMenu in JSF
<h:selectOneRadio> renders table element, how to avoid this?
Primefaces Calendar when required is true, Ajax listener not invoked
Using <ui:repeat>, <h:inputText>and <f:validateWholeBean> on a List<...> or Array of Data
When and how is clientID generated in JSF?
What is the canonical way to handle errors during Ajax-requests?
Rich Extended DataTable column widths
How to use PrimeFaces p:fileUpload? Listener method is never invoked or UploadedFile is null / throws an error / not usable
Unable to inject EJB in @FacesConverter in EAR
How to set defalult selected items in selectOneRadio/selectCheckboxMenu by beans in primefaces
Pure Java/JSF implementation for double submit prevention
JSF 2.2 Form Submit, reloading page = resubmit?
Clear form or invoke method if primefaces dialog is closed via the 'X' close button
JSF 3.0 project throws java.lang.ClassNotFoundException: javax.faces.webapp.FacesServlet
JSF 2.0: @ResourceDependency does not work when adding UIComponent programmatically
Primefaces pages loading slowly after jQuery version increased
How to inject @EJB, @PersistenceContext, @Inject, @Autowired, etc in @FacesConverter?
how to add primefaces to my jsp and servlets nav bar
How to save and restore filter state of primefaces datatable with costum filter (selectCheckboxMenu) via javascript?