Set up nonce to have script working on mirror pages

Forum|Forum|3 years ago
October 30, 2022
2 の返信
1340 ビュー

Hi,

We have a script (<script>) inside some of our emails html code, sent from campaign which was working fine until beginning 2022. Now It does not work anymore due to CSP increase it seems. We want to setup nonce as suggested in documentation ( https://experienceleague.adobe.com/docs/experience-platform/tags/client-side/content-security-policy.html?lang=en) to have it functional again. Do you know how to do that? I guess it has to be on the midsourcing as it is supposed to execute on mirror pages?

Thanks for your help

このトピックへの返信は締め切られました。

ベストアンサー nbisoft

Hello,

Unfortunately no. Adobe support is saying a fix will be released this year hopefully.

J

jitenders

Adobe Employee

Hi @nbisoft,

I think you can also setup nonce in your email content by adding a CSP meta tag with nonce value.
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-123abc'" />
</head>

And now you can use the nonce-source to only allow specific inline script blocks for which you will have to set the same nonce on the <script> element
<script nonce="123abc">
var i = 1;
if (i < 50) {
// some code
}
</script>

N

nbisoft作成者

Level 2

Hi @jitenders

Thanks a lot for you answer. I tried that but the setup of the http headers is still needed it seems to authorize the server to execute scripts. I opened a technical case with the support. Hopefully, I will get an answer soon.

Kind regards,

A

askii

Hello,

Have you found a solution to your problem?

N

nbisoft作成者回答

Level 2

Hello,

Unfortunately no. Adobe support is saying a fix will be released this year hopefully.

サインアップ

ソーシャルログイン

コミュニティへログイン

ソーシャルログイン

ファイルをウイルススキャンする。

このファイルはダウンロードできません