Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Lachlann 344 posts 626 karma points
    Nov 16, 2020 @ 15:54
    Lachlann
    0

    Strict CSP

    We have a strict CSP implemented on our site which blocks any inline scripts from running. I noticed that the analytics script output on the front end loads a GUID on page load which changes meaning its not possible to whitelist the SHA for this. Have you guys encountered this and do you have any workarounds?

  • Lachlann 344 posts 626 karma points
    Nov 16, 2020 @ 15:55
    Lachlann
    100

    I originally posted the above question to uMarketingSuite support as an email, here is the response:

    That is great feedback and we did not considered this before. The inserted clientside script is only used for the clientside script: https://documentation.umarketingsuite.com/analytics/clientside-events-and-additional-javascript-files/additional-measurements-with-our-ums-analytics-scripts/.

    It would be fairly easy for us to make sure that the GUID is rendered on a different element (non-javascript) such as and make sure that the script is using that guid. In that way you can whitelist the script or we can even make a separate js-file for this. So this is possible and I will add this to our backlog of items. We prioritize the backlog together with our partners (https://www.umarketingsuite.com/partners/) so I cannot promise you that this will be fixed in the next sprints.

  • [email protected] 408 posts 2137 karma points MVP 8x c-trib
    Nov 17, 2020 @ 08:03
    jeffrey@umarketingsuite.com
    0

    Hi Lachlann,

    you even posted the response. Fantastic :)!

    Did it make sense? Or any questions left?

    Kind regards,

    Jeffrey

    enter image description here

  • Lachlann 344 posts 626 karma points
    Nov 17, 2020 @ 09:03
    Lachlann
    0

    Thanks Jeffrey.

    That makes total sense to me

    Cheers L

Please Sign in or register to post replies

Write your reply to:

Draft