strict csp

Go to solution

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Lachlann 344 posts 626 karma points

Nov 16, 2020 @ 15:54

0

Strict CSP

We have a strict CSP implemented on our site which blocks any inline scripts from running. I noticed that the analytics script output on the front end loads a GUID on page load which changes meaning its not possible to whitelist the SHA for this. Have you guys encountered this and do you have any workarounds?

Copy Link
Lachlann 344 posts 626 karma points

Nov 16, 2020 @ 15:55

100

I originally posted the above question to uMarketingSuite support as an email, here is the response:

That is great feedback and we did not considered this before. The inserted clientside script is only used for the clientside script: https://documentation.umarketingsuite.com/analytics/clientside-events-and-additional-javascript-files/additional-measurements-with-our-ums-analytics-scripts/.

It would be fairly easy for us to make sure that the GUID is rendered on a different element (non-javascript) such as and make sure that the script is using that guid. In that way you can whitelist the script or we can even make a separate js-file for this. So this is possible and I will add this to our backlog of items. We prioritize the backlog together with our partners (https://www.umarketingsuite.com/partners/) so I cannot promise you that this will be fixed in the next sprints.

Copy Link
[email protected] 408 posts 2137 karma points MVP 8x c-trib

Nov 17, 2020 @ 08:03

0

Hi Lachlann,

you even posted the response. Fantastic :)!

Did it make sense? Or any questions left?

Kind regards,

Jeffrey

Copy Link
Lachlann 344 posts 626 karma points

Nov 17, 2020 @ 09:03

0

Thanks Jeffrey.

That makes total sense to me

Cheers L

Copy Link
is working on a reply...

Please Sign in or register to post replies

Flag this post as spam?