Expand my Community achievements bar.

SOLVED

Set up nonce to have script working on mirror pages

Avatar

Level 2

Hi,

We have a script (<script>) inside some of our emails html code, sent from campaign which was working fine until beginning 2022. Now It does not work anymore due to CSP increase it seems. We want to setup nonce as suggested in documentation ( https://experienceleague.adobe.com/docs/experience-platform/tags/client-side/content-security-policy...) to have it functional again. Do you know how to do that? I guess it has to be on the midsourcing as it is supposed to execute on mirror pages?

Thanks for your help

1 Accepted Solution

Avatar

Correct answer by
Level 2

Hello,

Unfortunately no. Adobe support is saying a fix will be released this year hopefully.

View solution in original post

4 Replies

Avatar

Employee

Hi @nbisoft,

 

I think you can also setup nonce in your email content by adding a CSP meta tag with nonce value.
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-123abc'" />
</head>


And now you can use the nonce-source to only allow specific inline script blocks for which you will have to set the same nonce on the <script> element
<script nonce="123abc">
var i = 1;
if (i < 50) {
// some code
}
</script>

Avatar

Level 2

Hi @jitenders 

Thanks a lot for you answer. I tried that but the setup of the http headers is still needed it seems to authorize the server to execute scripts. I opened a technical case with the support. Hopefully, I will get an answer soon.

Kind regards,

 

 

Avatar

Level 1

Hello,

Have you found a solution to your problem?

Avatar

Correct answer by
Level 2

Hello,

Unfortunately no. Adobe support is saying a fix will be released this year hopefully.