Hi there, for some tests, we are using the JS inje...
# ask-questions
p
Hi there, for some tests, we are using the JS injection via Visual Editor. To prevent issues with CSP we should enable `'unsafe-inline'` and `'unsafe-eval'` like you mention here https://docs.growthbook.io/app/visual#content-security-policy-csp-changes, but for a website like ours it is definitely not a viable solution. Do you support `nonce`, or do you have some different solution / are you currently working on something? Thanks
f
We do not support this today. I can think of a couple ways we could implement this in the future though:
1. Let you pass in a `nonce` value to the GrowthBook SDK and we could inject that into the inline `<script>` tags we add. Not 100% sure this will work.
2. We're currently working on CDN/Edge SDKs which can apply visual editor changes before it gets to the browser. In that case, we can add integrity hashes to the script tags and modify the CSP headers to include the hashes.
p
@future-teacher-7046 thanks for the quick reply. For us it can be viable to try your solution n.1; which timeframe do you think you can have for it?
@future-teacher-7046 while waiting for your feedback, I’m adding another small thing:
• just noticed that you’ve updated docs for Ruby SDK on the part of sticky bucketing -> it’s mentioned as available starting in version 1.3.0 which has not been announced yet. Do you have a release date for it?
f
1.3.0 should be available on Ruby Gems already. https://rubygems.org/gems/growthbook
p
@future-teacher-7046 many thanks!
let me know when we can try with
Let you pass in a nonce value to the GrowthBook SDK and we could inject that into the inline <script> tags we add.  Not 100% sure this will work.