Using the Nonce Attribute in CSP Rules for Userpilot
When applying Content Security Policy (CSP) rules, the use of'unsafe-inline'
and 'unsafe-eval'
is not required if you use the nonce
attribute. This ensures that only scripts and styles explicitly marked with the correct nonce can execute, improving security.
To enable this with Userpilot, you must pass the nonce
attribute when defining the userpilotSettings
object.
CSP Rule Example