I have a spring web mvc application which uses jsp pages to render screens. Itís an old application and uses a lot of inline scripts. Recently we came across a vulnerability which is being caused due to Ďunsafe-inline- in the csp header. I tried the below 2 approach to resolve this-
1. I tried moving the functions in scripts to external js files. However not all inline scripts can be removed and requires a major update of code.
2. I tried using nonce by generating a secure nonce value and adding it in csp header as well as the jsp script tags. However all the event handlers still donít work.

I am not sure what else can be done to resolve this issue. Can someone help with alternative solutions?