Hi Everyone,
I am currently integrating Adobe Target into a site that uses Content Security Policy (CSP) headers with nonce values for third-party and inline scripts:
Content-Security-Policy: script-src 'nonce-<value>'
I am using Adobe Launch to load Target. Adobe Launch supports nonce and successfully loads Target along with other extensions and rules.
However, I am encountering an issue with JavaScript in the Target experiences. These experiences are based on Target Experience Templates (https://github.com/Adobe-Marketing-Cloud/target-experience-templates), that is, they consist of a <script> element with JavaScript inside. It appears that Target does not insert the nonce when placing the script on the page.
Is there a way to instruct Adobe Target to specify the nonce when inserting Javascript experiences?
Any guidance would be greatly appreciated.
Ok, it turned out that I just needed to set cspScriptNonce in targetGlobalSettings.
const nonce = <getting-the-nonce-value>;
window.targetGlobalSettings = {
    . . .
    cspScriptNonce: nonce
};
Hi @DmytroPanchenk, good to know it's worked out for you.
Yes, this is the right config for CSP nonces to be added into Script under targetGlobalSettings.
Hi @Dmytro_Panchenk, @Gokul_Agiwal,
I am facing a similar issue and my Target version is < 2.2.0+. Any idea what needs to be done for fixing this nonce issue? Thanks,
Surendra
Seems like you're using an older version. It requires at.js 2.3.0+, which supports setting Content Security Policy nonces on SCRIPT and STYLE tags.
Can you update your at.js version and then check please?
Hope it helps.
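The setting from the accepted answer together with the at.js 2.3.0+ requirement from the last reply, as an added example that is not part of the original thread or Adobe's own code. The helper names readPageNonce, supportsCspNonce and applyTargetNonce are hypothetical; it assumes the server stamps the per-response nonce on at least one script element and that style-src accepts the same nonce.

```javascript
// CSP nonces are base64 or base64url text; anything else is rejected so a
// malformed or tampered value never reaches targetGlobalSettings.
const NONCE_RE = /^[A-Za-z0-9+/_-]+={0,2}$/;

// Read the nonce from a script element the server already stamped.
// Browsers blank the nonce *attribute* after parsing, so the .nonce
// property is tried first and the attribute is only a fallback.
function readPageNonce(doc) {
  const el = doc.currentScript || doc.querySelector('script[nonce]');
  const value = el ? (el.nonce || el.getAttribute('nonce') || '') : '';
  return NONCE_RE.test(value) ? value : null;
}

// The thread states that nonce support requires at.js 2.3.0 or later.
// `version` is a plain "major.minor.patch" string supplied by the caller.
function supportsCspNonce(version) {
  const [major, minor] = String(version).split('.').map(Number);
  if (!Number.isInteger(major) || !Number.isInteger(minor)) return false;
  return major > 2 || (major === 2 && minor >= 3);
}

// Merge the nonce into targetGlobalSettings without discarding keys that
// are already set. This has to run before at.js itself is loaded.
function applyTargetNonce(win, nonce) {
  if (!nonce) return false; // leave settings untouched if no usable nonce
  win.targetGlobalSettings = Object.assign({}, win.targetGlobalSettings, {
    cspScriptNonce: nonce, // SCRIPT tags inserted by Target offers
    cspStyleNonce: nonce,  // STYLE tags; assumes style-src allows this nonce
  });
  return true;
}

// In a browser, wire it up inline ahead of the tag that loads at.js.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  applyTargetNonce(window, readPageNonce(document));
}
```

If applyTargetNonce returns false, Target script offers will still be blocked by the policy, which shows up as script-src violations in the browser console or in CSP reports.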