Setting Nonce for experiences containing Javascript in Adobe Target | Community
Skip to main content
DmytroPanchenk
DmytroPanchenk
Level 3
July 18, 2024
Solved

Setting Nonce for experiences containing Javascript in Adobe Target

  • July 18, 2024
  • 1 reply
  • 1860 views

Hi Everyone,

I am currently integrating Adobe Target into a site that uses Content Security Policy (CSP) headers with nonce values for third-party and inline scripts:

Content-Security-Policy: script-src 'nonce-<value>'

I am using Adobe Launch to load Target. Adobe Launch supports nonce and successfully loads Target along with other extensions and rules.

However, I am encountering an issue with Javascript in the Target experiences. These experiences are based on Target Experience Templates (https://github.com/Adobe-Marketing-Cloud/target-experience-templates) that is, consist of a <script> element with Javascript inside. It appears that Target does not insert the nonce when placing the script on the page.

Is there a way to instruct Adobe Target to specify the nonce when inserting Javascript experiences?

Any guidance would be greatly appreciated.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by DmytroPanchenk

Ok, it turned out that I just needed to set cspScriptNonce in targetGlobalSettings.

 

const nonce = <getting-the-nonce-value>; window.targetGlobalSettings = { . . . cspScriptNonce: nonce };

 

1 reply

DmytroPanchenk
DmytroPanchenkAuthorAccepted solution
Level 3
July 18, 2024

Ok, it turned out that I just needed to set cspScriptNonce in targetGlobalSettings.

 

const nonce = <getting-the-nonce-value>; window.targetGlobalSettings = { . . . cspScriptNonce: nonce };

 

    Gokul_Agiwal
    Community Advisor
    Gokul_AgiwalCommunity Advisor
    Community Advisor
    July 19, 2024

    Hi @dmytropanchenk Good to know it's worked out for you. 

    yes, this is the right config for CSP nonces to be added into Script under targetGlobalSetting,  

    https://experienceleague.adobe.com/en/docs/target-dev/developer/client-side/at-js-implementation/functions-overview/targetglobalsettings#content-security-policy

    S
    Adobe Employee
    SurendraSinghAdobe Employee
    Adobe Employee
    April 17, 2025

    Hi @Dmytro_Panchenk , @gokul_agiwal ,

     

    I am facing similar issue and my Target version is < 2.2.0+  . Any Idea what needs to be done fox fixing this nonce issue ?                                                                                                                                                      Thanks,

    Surendra

     

    Terms & ConditionsAccessibility statement

    Loading footer...