How to add trustedtype policy for the Adobe launch scripts injected to the AEM pages?
Hi all,
Recently we got a security requirement to add the “require-trusted-types “ directive in the csp with value “script’ to lock down DOM XSS injection sinks.
However when I add this to the CSP header, it’s blocking couple of lines in the launch scripts. Now I understand that I have to add the trustedPolicy and create a trusted policy in the JS and add that policy-name in the “trusted-types” directive.
But how do I add that in the launch scripts? Because from AEM, we are only adding script url, the scripts are not written in the aem code base.
Looking for any inputs to implement this.

Thanks,
Dayana