Adobe Campaign Classic v7 & Campaign v8

nbisoft · 10/30/22

Hi,

We have a script (<script>) inside some of our emails html code, sent from campaign which was working fine until beginning 2022. Now It does not work anymore due to CSP increase it seems. We want to setup nonce as suggested in documentation ( https://experienceleague.adobe.com/docs/experience-platform/tags/client-side/content-security-policy...) to have it functional again. Do you know how to do that? I guess it has to be on the midsourcing as it is supposed to execute on mirror pages?

Thanks for your help

nbisoft · 1/13/23

Hello,

Unfortunately no. Adobe support is saying a fix will be released this year hopefully.

View solution in original post

jitenders · 11/7/22

Hi @nbisoft,

I think you can also setup nonce in your email content by adding a CSP meta tag with nonce value.
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-123abc'" />
</head>

And now you can use the nonce-source to only allow specific inline script blocks for which you will have to set the same nonce on the <script> element
<script nonce="123abc">
var i = 1;
if (i < 50) {
// some code
}
</script>

nbisoft · 11/8/22

Hi @jitenders

Thanks a lot for you answer. I tried that but the setup of the http headers is still needed it seems to authorize the server to execute scripts. I opened a technical case with the support. Hopefully, I will get an answer soon.

Kind regards,

askii · 1/13/23

Hello,

Have you found a solution to your problem?

nbisoft · 1/13/23

Hello,

Unfortunately no. Adobe support is saying a fix will be released this year hopefully.

Adobe Campaign Classic v7 & Campaign v8

Set up nonce to have script working on mirror pages

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe