Submitted By: ckim Topic: Security Team: Tier 1 Support
Hi! I am working on this ticket to implement mobile promo banners using an npm package, Smartbanner.js.
https://github.com/department-of-veterans-affairs/content-build/pull/1837/
I saw that there was usage of nonce="CSP_NONCE" in header.html in content build. Our initial implementation used unpkg.com to pull in the package from a CDN. We were wondering if we can utilize this to have the package pass the content policy issues we were seeing when we initially launched.
Also, another question: is there a way we could test this against the content policies in dev or staging? Are they the same policies as prod?