If a user wanted to secure their site with CSP, they had to use the unsafe-inline directive because the smartlook client creates an inline script to load the whole smartlook SDK. This commit adds support for a nonce, which is set on this inline script. So there is no longer a need for the unsafe-inline directive in headers; instead, the user can use the nonce-<value> directive.
For more info visit:
https://help.smartlook.com/en/articles/3470377-content-security-policy-csp-smartlook
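
To see why a nonce can replace unsafe-inline, here is an added example (not code from this commit or from the smartlook client) that models, in simplified form, how a CSP2+ browser decides whether an inline script may run. The function names and both policies are constructed for illustration, and the policies omit whatever hosts the SDK itself is loaded from.

```javascript
// Added example: simplified model of the inline-script decision in CSP2+.
// It ignores hash values, 'strict-dynamic' and script-src-elem.

// Web Crypto is global in browsers and Node 19+; older Node needs node:crypto.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Fresh 128-bit nonce, base64-encoded. Generate a new one per HTTP response.
function newNonce() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  return btoa(String.fromCharCode(...bytes));
}

// Source list that governs scripts: script-src, else default-src, else null.
function scriptSources(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  return directives.get('script-src') ?? directives.get('default-src') ?? null;
}

// True if an inline script carrying `scriptNonce` (or null) would execute.
function allowsInlineScript(policy, scriptNonce) {
  const sources = scriptSources(policy);
  if (sources === null) return true; // nothing in the policy restricts scripts
  const nonces = sources.filter((s) => /^'nonce-[^']+'$/.test(s));
  if (scriptNonce && nonces.includes(`'nonce-${scriptNonce}'`)) return true;
  const hasHash = sources.some((s) => /^'sha(256|384|512)-/.test(s));
  // 'unsafe-inline' is ignored as soon as a nonce or hash is listed.
  const unsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  return unsafeInline && nonces.length === 0 && !hasHash;
}

// Constructed policies: the one the commit message says used to be required,
// and the nonce-based replacement.
const legacyPolicy = "script-src 'self' 'unsafe-inline'";
function noncePolicy(nonce) {
  return `script-src 'self' 'nonce-${nonce}'`;
}
```

Under legacyPolicy any inline script runs, including one injected into the page; under noncePolicy only a script tag carrying the current response's nonce does.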