Can't get script tag to work in landing pages plugin due to content-security-policy

Support
1

inline js script tag isn’t being loaded due to csp and idk how to fix it.

2 Likes
2

There’s some information in this post that may help: Mitigate XSS Attacks with Content Security Policy

1 Like
3

I’ve read through that and others but cannot piece together how to actually add the exception to the content_security_policy_script_src

1 Like
4

Do you see an error concerning the script in your browser console? something like this?

A red error message in a web browser details a security policy violation preventing inline script execution, referencing directives and required keywords like 'unsafe-inline' or a nonce for enabling the script. (Captioned by AI)
A red error message in a web browser details a security policy violation preventing inline script execution, referencing directives and required keywords like 'unsafe-inline' or a nonce for enabling the script. (Captioned by AI)1280×132 27.9 KB

You’ll want to add that provided hash ('sha256-xxxxx') to the “content security policy script src” setting found in admin > all site settings

1 Like
5

The error I was getting had nonce-s0m3h4sh in Firefox browser I wasn’t getting the sha256-s0m3h4sh. But when I just now looked in chrome it was the sha256 one. I suppose that was causing most of my confusion

2 Likes