Open source platform for stress free deployments, measured impact, and smarter decisions.

GrowthBook Users

Hi! CSP question:
"Changing the `script-src` directive in your CSP is only required if you are writing custom JavaScript in the Visual Editor."
Does this apply to any JS scripts, and is there a workaround for it?

`unsafe-inline` and `unsafe-eval` are not considered safe, and our security team has prohibited their usage.

Hi Mario, it only applies if you are writing Custom JS inside of the Visual Editor. It's a feature we offer for running JavaScript from the Visual Editor. If you don't use that feature, you should be okay