New Participant
April 3, 2024
Solved

Adobe Data Layer adds an inline script to every page - CSP issue

  • April 3, 2024
  • 3 replies
  • 1398 views

Hi, I have removed the CSP unsafe-inline and added hash512 for inline scripts. However, I see that Adobe Data Layer is injecting a dynamic script on every page, which still causes a CSP error on the console. Is there any way to solve this?


arunpatidar
New Participant
April 8, 2024

Hi @silvia_joyce_balraj 
Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found a solution yourself, please share it with the community.

Arun Patidar
Raja_Reddy
Accepted solution
New Participant
April 5, 2024

Hi @silvia_joyce_balraj 

  1. Update the Adobe Data Layer configuration: Check the configuration of the Adobe Data Layer and see if there are any options to modify or customize the way it injects scripts. Look for options to load scripts from external files instead of injecting them inline. This can help avoid the need for the unsafe-inline directive in your CSP.

  2. Use a nonce or strict-dynamic: If the Adobe Data Layer scripts are dynamically generated and cannot be easily modified, you can use a nonce or the strict-dynamic keyword in your CSP. A nonce is a unique value that is added to the script-src directive in your CSP and is also added as an attribute to the <script> tag in your HTML. This allows the specific inline script to be executed while still maintaining a strict CSP. The strict-dynamic keyword allows scripts that are dynamically added to the page to be executed, but it requires the use of a Content Security Policy Level 3 (CSP3) compatible browser.

  3. Consider a Content Security Policy (CSP) bypass: If none of the above solutions work for your specific use case, you may need to consider adding a CSP bypass for the Adobe Data Layer scripts. This should be done with caution, as it can introduce security risks. Only use a CSP bypass if you have thoroughly reviewed the code and trust the source of the scripts.
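The nonce and strict-dynamic option from point 2 above, as an added example that is not part of the original answer and is not Adobe's or AEM's code: it shows why a fixed hash cannot cover an inline script whose text changes per page, and how a per-response nonce covers it instead. The function names and the sample data layer scripts are constructed for illustration, and Node.js is assumed as the runtime.

```javascript
// Added example: not Adobe's or AEM's code. All names and sample scripts are constructed.
const crypto = require('node:crypto');

// Hash source for one inline script: base64 SHA-512 over the exact script text.
// Any change to the text (for example per-page data) yields a different hash.
function cspHash(scriptBody) {
  const digest = crypto.createHash('sha512').update(scriptBody, 'utf8').digest('base64');
  return `'sha512-${digest}'`;
}

// Fresh, unpredictable nonce. Generate one per response and never cache it.
function newNonce() {
  return crypto.randomBytes(16).toString('base64');
}

// Header value: the nonce authorises the server's own inline scripts, and
// 'strict-dynamic' extends that trust to scripts those nonced scripts create.
function buildCsp(nonce) {
  return `script-src 'nonce-${nonce}' 'strict-dynamic'; object-src 'none'; base-uri 'none'`;
}

// Stamp the nonce on <script> tags that do not have one yet. Run this only on
// server-authored template markup, before any user-controlled data is merged in,
// otherwise injected script tags would be authorised as well.
function addNonce(templateHtml, nonce) {
  return templateHtml.replace(/<script\b(?![^>]*\bnonce=)/gi, `<script nonce="${nonce}"`);
}

function demo() {
  // Constructed stand-ins for an inline data layer script rendered on two pages.
  const home = 'window.adobeDataLayer=window.adobeDataLayer||[];adobeDataLayer.push({page:"home"});';
  const cart = 'window.adobeDataLayer=window.adobeDataLayer||[];adobeDataLayer.push({page:"cart"});';
  const nonce = newNonce();
  return {
    hashesDiffer: cspHash(home) !== cspHash(cart), // one allow-listed hash cannot cover both
    header: buildCsp(nonce),
    html: addNonce(`<script>${cart}</script>`, nonce),
    nonce,
  };
}

console.log(demo());
```

The header from `buildCsp` and the markup from `addNonce` must carry the same nonce within one response, so any page or dispatcher cache in front of the server has to be excluded for nonced responses.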

EstebanBustamante
New Participant
April 4, 2024

Do you mean Adobe Analytics when you refer to the 'Adobe Data Layer'? How are you integrating this with your AEM instance?

Esteban Bustamante