department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:
https://depo-platform-documentation.scrollhelp.site/index.html

Hi! I am working on this ticket to implement mobile promo ba... #72471

Closed platform-support-slack-integration[bot] closed 9 months ago

platform-support-slack-integration[bot] commented 9 months ago

Submitted By: ckim Topic: Security Team: Tier 1 Support

Hi! I am working on this ticket to implement mobile promo banners using an npm package, Smartbanner.js.

https://github.com/department-of-veterans-affairs/content-build/pull/1837/

I saw that there was usage of nonce="CSP_NONCE" in header.html in content build. Our initial implementation used unpkg.com to pull in the package from a CDN; we were wondering if we can utilize this to have the package pass the content policy issues we were seeing when we initially launched.

Also, another question: is there a way we could test this against the content policies in dev or staging? Are they the same policies as prod?

platform-support-slack-integration[bot] commented 9 months ago

Slack Thread Link: https://dsva.slack.com/archives/CBU0KDSB1/p1703177524349549
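
The ticket's two questions both come down to how a browser evaluates a script element against `script-src`, and whether each environment serves the same policy. The sketch below is an added example, not code from the ticket or from VA.gov. The two policies, the nonce value and the CDN URL are constructed, and the matching is a simplified reading of CSP.

```javascript
// Added example: simplified script-src evaluation. Not modelled: 'self', hashes,
// 'unsafe-inline', and ports or paths inside host sources.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

function hostMatches(source, url) {
  // Scheme-only source such as "https:"
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === url.protocol;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const scheme = m[1], host = m[2].toLowerCase();
  if (scheme && scheme.toLowerCase() + ':' !== url.protocol) return false;
  return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : host === url.hostname;
}

function scriptAllowed(header, script) {
  const policy = parseCsp(header);
  // Fallback chain for script elements: script-src-elem, script-src, default-src.
  const sources = policy.get('script-src-elem') || policy.get('script-src') || policy.get('default-src');
  if (!sources) return { allowed: true, reason: 'no directive governs scripts' };
  // A matching nonce allows the element whatever host it loads from.
  if (script.nonce && sources.includes(`'nonce-${script.nonce}'`)) return { allowed: true, reason: 'nonce' };
  if (!script.src) return { allowed: false, reason: 'inline script without a matching nonce' };
  if (sources.includes("'strict-dynamic'")) return { allowed: false, reason: 'strict-dynamic ignores host sources' };
  if (sources.some((s) => hostMatches(s, new URL(script.src)))) return { allowed: true, reason: 'host' };
  return { allowed: false, reason: 'no matching source' };
}

// Constructed policies for illustration; NOT the real VA.gov headers.
const POLICIES = {
  staging: "default-src 'self'; script-src 'self' 'nonce-r4nd0m' https://unpkg.com",
  prod: "default-src 'self'; script-src 'self' 'nonce-r4nd0m'",
};
const CDN_SRC = 'https://unpkg.com/smartbanner.js'; // constructed URL

// Evaluate one script element against every environment's policy.
function compareEnvironments(script) {
  return Object.fromEntries(Object.entries(POLICIES).map(([env, h]) => [env, scriptAllowed(h, script)]));
}

console.log(compareEnvironments({ src: CDN_SRC }));
console.log(compareEnvironments({ src: CDN_SRC, nonce: 'r4nd0m' }));
```

In a real deployment the nonce changes on every response, so capture the `Content-Security-Policy` header and the rendered `nonce` attribute from the same response in each environment before comparing them.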