Hi,
We have a script (<script>) inside some of our emails html code, sent from campaign which was working fine until beginning 2022. Now It does not work anymore due to CSP increase it seems. We want to setup nonce as suggested in documentation ( https://experienceleague.adobe.com/docs/experience-platform/tags/client-side/content-security-policy...) to have it functional again. Do you know how to do that? I guess it has to be on the midsourcing as it is supposed to execute on mirror pages?
Thanks for your help
Solved! Go to Solution.
Views
Replies
Total Likes
Hello,
Unfortunately no. Adobe support is saying a fix will be released this year hopefully.
Hi @nbisoft,
I think you can also setup nonce in your email content by adding a CSP meta tag with nonce value.
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-123abc'" />
</head>
And now you can use the nonce-source to only allow specific inline script blocks for which you will have to set the same nonce on the <script> element
<script nonce="123abc">
var i = 1;
if (i < 50) {
// some code
}
</script>
Hi @jitenders
Thanks a lot for you answer. I tried that but the setup of the http headers is still needed it seems to authorize the server to execute scripts. I opened a technical case with the support. Hopefully, I will get an answer soon.
Kind regards,
Views
Replies
Total Likes
Hello,
Have you found a solution to your problem?
Views
Replies
Total Likes
Hello,
Unfortunately no. Adobe support is saying a fix will be released this year hopefully.