
Blocked CSP with nonce

  • March 22, 2022
  • 1 reply
  • 0 views

Teo12

Hi,

I trust this message finds you well.

I am setting a nonce on the script element and I have followed the web widget CSP documentation. However, I am getting a CSP violation. 

I cannot use unsafe-inline as per internal policy and I would need to work out the nonce, but it gets blocked too.

Error:

The error appears as: "Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'nonce-xxxxxxxxxxxxxxxxx'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution.", with a reference to web-widget-218-a0e6bddf78f556c0ba98.js:2

Script:

<!-- Start of greenbuildingregistry Zendesk Widget script -->
<script id="ze-snippet" src="https://static.zdassets.com/ekr/snippet.js?key=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" nonce="random-csp-nonce"></script>
<!-- End of greenbuildingregistry Zendesk Widget script -->

Any suggestions?

We would not want to hash, as it is risky and complicated to apply everywhere, and we cannot use "unsafe-inline" as per company policy.

Thank you,

 

Teo

 

1 reply

Justin42
  • April 17, 2022

Hello! 

I have turned this into a ticket for our Support Team. You should be receiving an email about this shortly.
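
The following is an added example, not part of the thread and not Zendesk's code: a simplified Node.js model of how a browser matches an inline <style> element against a style-src directive. It shows that a nonce placed on the snippet's <script> tag does not cover style elements that carry no nonce of their own, and that the hash printed in the quoted error is the SHA-256 of an empty string. The policy string, nonce value and element objects are constructed for illustration.

```javascript
// Added example: simplified model of CSP matching for inline <style> elements.
const { createHash } = require('crypto');

// Parse a policy string into { directive-name: [source expressions] }.
function parsePolicy(policy) {
  const out = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !(name.toLowerCase() in out)) out[name.toLowerCase()] = sources;
  }
  return out;
}

// Base64 SHA-256 of inline content, in the form used by CSP hash sources.
function cspHash(content) {
  return 'sha256-' + createHash('sha256').update(content, 'utf8').digest('base64');
}

// element = { nonce?: string, content: string } describes one <style> element.
function inlineStyleAllowed(policy, element) {
  const d = parsePolicy(policy);
  const sources = d['style-src-elem'] || d['style-src'] || d['default-src'];
  if (!sources) return true; // no directive governs styles
  const nonces = sources.filter((s) => /^'nonce-.+'$/.test(s));
  const hashes = sources.filter((s) => /^'sha(256|384|512)-.+'$/.test(s));
  // 'unsafe-inline' is ignored as soon as any nonce or hash source is present.
  if (nonces.length === 0 && hashes.length === 0) {
    return sources.includes("'unsafe-inline'");
  }
  // The nonce must sit on the <style> element itself.
  if (element.nonce && nonces.includes(`'nonce-${element.nonce}'`)) return true;
  // Only sha256 sources are compared in this simplified model.
  return hashes.includes(`'${cspHash(element.content)}'`);
}

// Constructed sample values.
const POLICY = "script-src 'self' 'nonce-r4nd0m'; style-src 'self' 'nonce-r4nd0m'";
const injectedWithoutNonce = { content: '' };
const injectedWithNonce = { nonce: 'r4nd0m', content: '.w{color:red}' };

console.log(inlineStyleAllowed(POLICY, injectedWithoutNonce));
console.log(inlineStyleAllowed(POLICY, injectedWithNonce));
console.log(cspHash(''));
```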