Five New Optimizely Certifications are Here! Validate your expertise and advance your career with our latest certification exams. Click here to find out more
AI OnAI Off
Strict Content Security Policy with Optimizely Forms
Hi Jeremy,
If I understand correctly you are just wanting to add:
<script nonce="rAnd0m">To the inline scripts in forms?
There are 2 ways I can think of to do this.
Option 1 - Modify the forms views, you will need to find the views in the forms.zip in the modules folder, extract these and then you can edit as you please.
Option 2 - If I am right the scripts will be added as part of the FormContainer, you could create your own and then modify as you wish.
Other info that will help also https://docs.developers.optimizely.com/content-management-system/docs/content-security-policy
Paul
Edited,
Sep 27, 2023 13:14
Thanks Paul - I believe that is part of the solution, however there are other scripts injected on the page. I think I have just found a solution:
https://world.optimizely.com/blogs/giang-nguyen/dates/2021/7/get-rid-of-episerver-forms-in-line-scripts/
Sep 27, 2023 19:37
Hey Jeremy,
There is an alternative though would not suggest, you can disable the us of JS in Forms, though you then have limited functionality.
Paul
Sep 27, 2023 21:19
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
Is it possible to create a strict content security policy using a nonce directive on inline script elements added from Optimizely Forms?