-
Suggestion
-
Resolution: Won't Fix
We have embedded the JSD-widget. But the browser console is spitting out warnings and lowers the CSP-compliance level of our site.
=> It would be great if you could have a look and improve the CSP-compliance.
mbed.ts:40 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-ck0c4o54800000tmo357heu62'
[https://jsd-widget.atlassian.com|https://jsd-widget.atlassian.com/]
". Either the 'unsafe-inline' keyword, a hash ('sha256-unawk8oxMjxPG04UXJudRjZPb/aQ/CshgfawzK+tomg='), or a nonce ('nonce-...') is required to enable inline execution.
[JSDCLOUD-8438] JSD - widget violates CSP-policies
Hi everyone,
Thank you for bringing this suggestion to our attention.
As explained in our new feature policy, there are many factors that influence our product roadmaps and determine the features we implement. When making decisions about what to prioritize and work on, we combine your feedback and suggestions with insights from our support teams, product analytics, research findings, and more. This information, combined with our medium- and long-term product and platform vision, determines what we implement and its priority order.
Unfortunately, as a result of inactivity (no votes or comments for an extended period of time), this suggestion didn’t make it to the roadmap and we are closing it.
While this issue has been closed, our Product Managers continue to look at requests in https://jira.atlassian.com as they develop their roadmap, including closed ones. In addition, if you feel like this suggestion is still important to your team please let us know by commenting on this ticket.
Thank you again for providing valuable feedback to our team!
Adding a script from the outside that runs scripts from further locations by definition breaks CSP rules.
This is still an issue apparently, so I'd like to ping it and see if there is any related issue or movement on this?