Strict Content Security Policy with Optimizely Forms

Vote:
 

Is it possible to create a strict content security policy using a nonce directive on inline script elements added from Optimizely Forms?

#309558
Sep 26, 2023 18:50
Vote:
 

Hi Jeremy,

If I understand correctly you are just wanting to add:

<script nonce="rAnd0m">

To the inline scripts in forms?

There are 2 ways I can think of to do this.

Option 1 - Modify the forms views, you will need to find the views in the forms.zip in the modules folder, extract these and then you can edit as you please.

Option 2 - If I am right the scripts will be added as part of the FormContainer, you could create your own and then modify as you wish.

Other info that will help also https://docs.developers.optimizely.com/content-management-system/docs/content-security-policy

Paul

#309607
Edited, Sep 27, 2023 13:14
Vote:
 

Thanks Paul - I believe that is part of the solution, however there are other scripts injected on the page.  I think I have just found a solution:

https://world.optimizely.com/blogs/giang-nguyen/dates/2021/7/get-rid-of-episerver-forms-in-line-scripts/

#309610
Sep 27, 2023 19:37
Vote:
 

Hey Jeremy,

There is an alternative though would not suggest, you can disable the us of JS in Forms, though you then have limited functionality.

Paul

#309612
Sep 27, 2023 21:19
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.