Hi,
i have a Content security policy setup on my site and use the rule for script-src:
Policy: script-src ‘self’ ‘unsafe-hashes’
Whenever i use the conditional logic in a form, the form is blocked probably because the inline Javascript being added to the page.
reading this post
I understand the concept of
I’m using the wp_inline_script_attributes filter to a nonce attributes to the tag using this code:
function my_wp_script_attributes( $attr ) {
if ( ! isset( $attr['nonce'] ) ) {
$attr['nonce'] = wp_create_nonce( 'my-nonce' );
}
}
return $attr;
}
add_filter( 'wp_inline_script_attributes', 'my_wp_script_attributes' );
For some reason its not adding the nonce to
<script id='gform_gravityforms-js-extra'>
and therefor the variable gf_global is not being declared, the script breaks with a js error
gf_global is not defined
im breaking my head on it for a while now. can you help out here ?
or perhaps is there a way to externalize the GF scripts ?
Thanks a lot