plain-camera-45050
04/17/2024, 2:10 PM
'unsafe-inline' and 'unsafe-eval' like you mention here https://docs.growthbook.io/app/visual#content-security-policy-csp-changes, but for a website like ours is definitely not a viable solution.
Do you support nonce or if you have some different solution / you are currently working on something?
Thanks
future-teacher-7046
nonce value to the GrowthBook SDK and we could inject that into the inline <script> tags we add. Not 100% sure this will work.
2. We're currently working on CDN/Edge SDKs which can apply visual editor changes before it gets to the browser. In that case, we can add integrity hashes to the script tags and modify the CSP headers to include the hashes.
plain-camera-45050
04/17/2024, 2:44 PM
plain-camera-45050
04/18/2024, 8:15 AM
future-teacher-7046
plain-camera-45050
04/18/2024, 5:19 PM
plain-camera-45050
04/18/2024, 5:20 PM
Let you pass in a nonce value to the GrowthBook SDK and we could inject that into the inline <script> tags we add. Not 100% sure this will work.