Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Set up nonce to have script working on mirror pages

Avatar

Level 2

Hi,

We have a script (<script>) inside some of our emails html code, sent from campaign which was working fine until beginning 2022. Now It does not work anymore due to CSP increase it seems. We want to setup nonce as suggested in documentation ( https://experienceleague.adobe.com/docs/experience-platform/tags/client-side/content-security-policy...) to have it functional again. Do you know how to do that? I guess it has to be on the midsourcing as it is supposed to execute on mirror pages?

Thanks for your help

2 Replies

Avatar

Employee

Hi @nbisoft,

 

I think you can also setup nonce in your email content by adding a CSP meta tag with nonce value.
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-123abc'" />
</head>


And now you can use the nonce-source to only allow specific inline script blocks for which you will have to set the same nonce on the <script> element
<script nonce="123abc">
var i = 1;
if (i < 50) {
// some code
}
</script>

Avatar

Level 2

Hi @jitenders 

Thanks a lot for you answer. I tried that but the setup of the http headers is still needed it seems to authorize the server to execute scripts. I opened a technical case with the support. Hopefully, I will get an answer soon.

Kind regards,