Customer Feedback

Status explanation: 'Future Consideration' = Continuing to collect further feedback, not planned at this time. 'Investigating' = Prioritized for deeper customer and feasibility investigations ahead of planning development.

Status Future consideration
Categories APIs
Created by Guest
Created on May 12, 2023

Support CSP with nonce in Edit, Admin etc

It would be great if developers could configure CSP to use a nonce, so that they can increase the security and control of what resources are loaded by the application.

Currently almost all script tags are rendered without CSP nonces and the site is broken because the browser refuses to execute the scripts.

  • Guest
    Feb 1, 2024

    Optimizely CMS documentation says that it will generate a nonce by setting the following:

    services.AddContentSecurityPolicyNonce(sp => sp.GetRequiredService<INonceProvider>().GetNonce());

    This only affects the rendered content pages and does not affect the CMS Editor Experience. A CSP policy that uses Nonce that is applied globally will result in a broken CMS editor experience.

  • Guest
    May 12, 2023

    This feature is very much needed, as there are many security concerns raised by various security audit teams on it.
    We somehow managed to exclude edit mode from rendering CSP but there are many scripts which are injected to pages during run-time and we do not have control over it, hence we are losing in it.
    Requesting you to make this feature possible ASAP.
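
The breakage described in this thread can be audited from a captured response. The following is an added example, not part of the thread and not Optimizely code: it lists the script tags a browser would refuse under a nonce-based policy. It assumes the policy allows scripts by nonce only (no host, hash or 'strict-dynamic' sources); the header, nonce value and file paths are constructed sample data.

```python
from html.parser import HTMLParser

# Constructed sample data (not taken from any real site).
SAMPLE_CSP = "default-src 'self'; script-src 'nonce-r4nd0mSample'"
SAMPLE_HTML = """
<script nonce="r4nd0mSample" src="/static/site.js"></script>
<script>window.injectedAtRuntime = true;</script>
<script src="/static/editor-ui.js"></script>
"""

def script_src_nonces(csp_header):
    """Return the nonces allowed by script-src (falling back to default-src)."""
    directives = {}
    for part in csp_header.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers ignore a repeated directive, so the first one wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    sources = directives.get("script-src", directives.get("default-src", []))
    return {s[len("'nonce-"):-1] for s in sources
            if s.lower().startswith("'nonce-") and s.endswith("'")}

class _ScriptCollector(HTMLParser):
    """Records (source, nonce) for every <script> start tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self.scripts.append((a.get("src") or "<inline>", a.get("nonce")))

def blocked_scripts(csp_header, html):
    """List scripts whose nonce is missing or does not match the policy."""
    allowed = script_src_nonces(csp_header)
    collector = _ScriptCollector()
    collector.feed(html)
    return [src for src, nonce in collector.scripts if nonce not in allowed]

if __name__ == "__main__":
    for src in blocked_scripts(SAMPLE_CSP, SAMPLE_HTML):
        print("would be blocked:", src)
```

Running this against the editor and admin views before enforcing a policy globally shows which scripts still lack a nonce.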