6

I have developed a website, I want to add google adsense to the site. I have created an adsense account and added the code snippet to my website. but the Google's addsbygoogle.js loads and writes some inline scripts and styles that the browser refuses to load because it violates my CSP rules.

Browser log

I have tried adding 'strict-dynamic' with a nonce to all of my scripts in the page, still it refuses to load these scripts.

It all works fine if I add "unsalfe-inline" but is there a more secure way to do this.

thanks

Bhanuka Yd
  • 646
  • 8
  • 25
  • 1
    I've spent extensive time researching, hacking and trying to have Adsense play along with a `strict-dynamic` (so by extention using SHAs and NONCEs) policy, but since their parent script attempts to create inline – maninak Jun 29 '18 at 14:29

0 Answers0