Removing 'unsafe-inline' as 'script-src' from Content Security Policy when using Firebase


I would like to remove the 'unsafe-inline' in the 'script-src' from the Content Security Policy of my web app, and increase its security. Unfortunately though, Firebase seems to require it in order to work (I'm using Firebase auth and Firestore).

How do I go about creating a more secure web app? I read about using a nonce, but I'm not sure how I can specify it to the Firebase script (I'm using the Web modular via npm package in a Next.js app).

Thanks

There are 0 answers