We have a strict CSP implemented on our site which blocks any inline scripts from running. I noticed that the analytics script output on the front end loads a GUID on page load which changes meaning its not possible to whitelist the SHA for this. Have you guys encountered this and do you have any workarounds?
It would be fairly easy for us to make sure that the GUID is rendered on a different element (non-javascript) such as and make sure that the script is using that guid. In that way you can whitelist the script or we can even make a separate js-file for this. So this is possible and I will add this to our backlog of items. We prioritize the backlog together with our partners (https://www.umarketingsuite.com/partners/) so I cannot promise you that this will be fixed in the next sprints.
Strict CSP
We have a strict CSP implemented on our site which blocks any inline scripts from running. I noticed that the analytics script output on the front end loads a GUID on page load which changes meaning its not possible to whitelist the SHA for this. Have you guys encountered this and do you have any workarounds?
I originally posted the above question to uMarketingSuite support as an email, here is the response:
That is great feedback and we did not considered this before. The inserted clientside script is only used for the clientside script: https://documentation.umarketingsuite.com/analytics/clientside-events-and-additional-javascript-files/additional-measurements-with-our-ums-analytics-scripts/.
It would be fairly easy for us to make sure that the GUID is rendered on a different element (non-javascript) such as and make sure that the script is using that guid. In that way you can whitelist the script or we can even make a separate js-file for this. So this is possible and I will add this to our backlog of items. We prioritize the backlog together with our partners (https://www.umarketingsuite.com/partners/) so I cannot promise you that this will be fixed in the next sprints.
Hi Lachlann,
you even posted the response. Fantastic :)!
Did it make sense? Or any questions left?
Kind regards,
Jeffrey
Thanks Jeffrey.
That makes total sense to me
Cheers L
is working on a reply...