Conditional logic blocked by CSP

Hi,
i have a Content security policy setup on my site and use the rule for script-src:

Policy: script-src ‘self’ 'unsafe-hashes’

Whenever i use the conditional logic in a form, the form is blocked probably because the inline Javascript being added to the page.

reading this post

I understand the concept of

I’m using the wp_inline_script_attributes filter to a nonce attributes to the tag using this code:

function my_wp_script_attributes( $attr ) {
    if ( ! isset( $attr['nonce'] ) ) {
        $attr['nonce'] = wp_create_nonce( 'my-nonce' );
    }
  }  
    return $attr;
}
add_filter( 'wp_inline_script_attributes', 'my_wp_script_attributes' );

For some reason its not adding the nonce to
<script id='gform_gravityforms-js-extra'>
and therefor the variable gf_global is not being declared, the script breaks with a js error

gf_global is not defined

im breaking my head on it for a while now. can you help out here ?
or perhaps is there a way to externalize the GF scripts ?
Thanks a lot

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.