Adobe Target

Dmytro_Panchenk · 7/17/24

Hi Everyone,

I am currently integrating Adobe Target into a site that uses Content Security Policy (CSP) headers with nonce values for third-party and inline scripts:

Content-Security-Policy: script-src 'nonce-<value>'

I am using Adobe Launch to load Target. Adobe Launch supports nonce and successfully loads Target along with other extensions and rules.

However, I am encountering an issue with Javascript in the Target experiences. These experiences are based on Target Experience Templates (https://github.com/Adobe-Marketing-Cloud/target-experience-templates) that is, consist of a <script> element with Javascript inside. It appears that Target does not insert the nonce when placing the script on the page.

Is there a way to instruct Adobe Target to specify the nonce when inserting Javascript experiences?

Any guidance would be greatly appreciated.

Dmytro_Panchenk · 7/18/24

Ok, it turned out that I just needed to set cspScriptNonce in targetGlobalSettings.

const nonce = <getting-the-nonce-value>;

window.targetGlobalSettings = {
  . . .
  cspScriptNonce: nonce
};

View solution in original post

Dmytro_Panchenk · 7/18/24

Ok, it turned out that I just needed to set cspScriptNonce in targetGlobalSettings.

const nonce = <getting-the-nonce-value>;

window.targetGlobalSettings = {
  . . .
  cspScriptNonce: nonce
};

Gokul_Agiwal · 7/19/24

Hi @Dmytro_Panchenk Good to know it's worked out for you.

yes, this is the right config for CSP nonces to be added into Script under targetGlobalSetting,

https://experienceleague.adobe.com/en/docs/target-dev/developer/client-side/at-js-implementation/fun...

Adobe Target

Setting Nonce for experiences containing Javascript in Adobe Target

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe