open-forms icon indicating copy to clipboard operation
open-forms copied to clipboard

Published 20 hours ago verified publisher icon open-formulieren

Expoints analytics causing CSP issues.

Open LaurensBurger opened this issue 4 months ago • 0 comments

Product versie / Product version

2.7.x - 2.8.x

Customer reference

hrlmmr 181

Omschrijf het probleem / Describe the bug

At the moment it's not possible to enable Expoints because of the CSP issues it causes. It blocks loading of "local" scripts content/scripts (which can be solved by manually adding them to the csp rules) but also causes:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src-elem https://*.expoints.nl open-forms.test.nl". Either the 'unsafe-inline' keyword, a hash ('sha256-M3vO32MFg1tJwV0zTnknLZG946q7lntoSxRkicfjyRg='), or a nonce ('nonce-...') is required to enable inline execution.

Stappen om te reproduceren / Steps to reproduce

enable Expoints in our test env

LaurensBurger avatar Oct 07 '24 09:10 LaurensBurger