https://www.growthbook.io/ logo
#ask-questions
Title
# ask-questions
c

clean-city-48510

01/15/2024, 3:22 PM
Hi! CSP question: "Changing the
script-src
directive in your CSP is only required if you are writing custom JavaScript in the Visual Editor." Does this apply to any JS scripts, and is there a workaround for it?
unsafe-inline
and
unsafe-eval
are not considered safe, and our security team has prohibited their usage.
s

swift-helmet-3648

01/17/2024, 8:52 PM
Hi Mario, it only applies if you are writing Custom JS inside of the Visual Editor. It's a feature we offer for running JavaScript from the Visual Editor. If you don't use that feature, you should be okay
3 Views