Hi,
We have implemented Content Security Policy for our site and boy what a cumbersome process. We have created a middleware that whitelists third party scripts and for inline-scripts we use nonce. But, Application Insights is injected inline and i cant add a nonce to that script and hence it will be blocked.
Is there a way I can insert the AI script my self with a nonce valuje instead of magically retrieving it from DXP?
Also, for the Episerver QuickNavigator addon, can i somehow find and add a nonce to this as well without using unsafe-inline which defeats the entire purpose of CSP.
I've been struggling together with Github Copilot for a while now, not finding a solution.