Expand my Community achievements bar.

SOLVED

Nonce remains empty

Avatar

Level 1

Hey there,

I would like Adobe Launch to add a nonce to all inline script it injects, so I created a Data Element which references the nonce value and configured the Core - extension accordingly.

Now there's a nonce attribute added to the <script>-tag but it is empty.

volka1_0-1680691009926.png

When I do _satellite.getVar("csp_nonce"); in the console it returns the correct value:

volka1_1-1680691201952.png

"csp_nonce" is the name of the Data Element I created and referenced in the core extension like this:

volka1_2-1680691297734.png

 

What I tried so far, is to change the Data Element to have the type "Random Number", "Constant", "JS Variable", ..., even when setting a default value, the nonce remains empty.

 

What am I missing here?

 

1 Accepted Solution

Avatar

Correct answer by
Level 1

That definitely works! Thanks. Also  your first suggestion works in the meantime as I found out, the reason was that I have overseen an second CSP within the HTTP Response Header (containing only of frame-ancestors directive). As soon as I remove one of the CSPs (either the one defined in meta-Tags or the one from HTTP Header, it works. Having both of them will lead to the described symptoms. Hope that helps someone in the future.

View solution in original post

6 Replies

Avatar

Community Advisor and Adobe Champion

I haven't used this feature myself, but I found a related post that might help?

 

https://experienceleaguecommunities.adobe.com/t5/adobe-analytics-questions/csp-nonce-in-core-extensi...

 

Avatar

Level 1

Thanks Jennifer, I already followed the documentation.

Avatar

Community Advisor

It seems like you're trying to add a nonce to all inline scripts injected by Adobe Launch by creating a Data Element and configuring the Core extension accordingly. However, the nonce attribute in the <script> tag appears to be empty, even though _satellite.getVar("csp_nonce"); returns the correct value.

Based on your description, there might be an issue with the timing when the Data Element value is being fetched. Here's an approach to resolve this issue:

First, create a custom script in the Adobe Launch library to set the nonce value globally:

window._launchGlobalNonce = '<YOUR_NONCE_VALUE>';​

 

Replace <YOUR_NONCE_VALUE> with the actual nonce value you'd like to use. Make sure this custom script is loaded before any other scripts in the library.
Next, modify your "csp_nonce" Data Element to be of the type "Custom Code" and use the following code snippet to return the nonce value:

return window._launchGlobalNonce || '';

 

Finally, make sure you've configured the Core extension to reference the "csp_nonce" Data Element, as shown in your provided screenshot.

With these changes, the nonce attribute should be populated correctly in the <script> tags injected by Adobe Launch. If the issue persists, it may be worthwhile to check the order of rule execution in Adobe Launch, ensuring that the custom script setting the global nonce value is executed before any other scripts that use the nonce.

I hope this helps! Let me know if you have any further questions or need additional clarification.

 

Avatar

Level 1

Thanks Hermang35,

I tried it, but still: Nonce remains empty. Even when doing it like this:

return window._launchGlobalNonce || 'default-nonce';

I set the variable as the first item in <head> and I load the JS from assets.adobe.com[...] with 'async', so the variable should is definitely set before Launch is loaded.

Avatar

Community Advisor

It's unfortunate that the nonce remains empty. Here are some suggestions to troubleshoot the issue:

 

Ensure that the _launchGlobalNonce variable is declared and initialized correctly in the <head> of your HTML document before the Adobe Launch script is loaded. For example:


html


<!DOCTYPE html>

<html>

<head>

  <script>

    window._launchGlobalNonce = 'your-nonce-value';

  </script>

  <!-- Load Adobe Launch script after declaring _launchGlobalNonce -->

  <script src="https://assets.adobe.com/your-launch-script.js" async></script>

</head>

<body>

  <!-- Your page content -->

</body>

</html>


Verify that the Data Element in Adobe Launch is configured correctly to use the Custom Code type, with the following code snippet:


javascript


return window._launchGlobalNonce || 'default-nonce';


Double-check that you have correctly referenced this Data Element in the Adobe Launch Core Extension settings for the nonce value.

 

If the issue persists, you can try using the following Custom Code for your Data Element, which adds an event listener to ensure that the nonce value is retrieved after the Launch script has been loaded:

 

javascript

 

function getNonce(callback) {

  if (window._launchGlobalNonce) {

    callback(window._launchGlobalNonce);

  } else {

    window.addEventListener('load', function() {

      callback(window._launchGlobalNonce || 'default-nonce');

    });

  }

}

 

getNonce(function(nonce) {

  return nonce;

});


If none of these suggestions resolve the issue, you might want to reach out to Adobe support for further assistance. Provide them with details of the issue, including your configuration settings and any error messages you may encounter.

Avatar

Correct answer by
Level 1

That definitely works! Thanks. Also  your first suggestion works in the meantime as I found out, the reason was that I have overseen an second CSP within the HTTP Response Header (containing only of frame-ancestors directive). As soon as I remove one of the CSPs (either the one defined in meta-Tags or the one from HTTP Header, it works. Having both of them will lead to the described symptoms. Hope that helps someone in the future.