Code in JavaScript needs weak Content Security Policy to work properly
We noticed a bug in the integration of Cookiebot on our website, which significantly limits the function and security.
Cookiebot inserts Javascript directly into our website(inline JavaScript). Cookiebot only works properly if we explicitly allow it in our Content Security Policy. With this we open a weak spot in our website for code or JavaScript injection. This allows an attacker to read, for example, data visitors to our site on the page, or otherwise manipulate our website.
Is this restriction already being worked on? When can we expect a solution?
1
-
Any News?
Wrote another, more detailed question: https://support.cookiebot.com/hc/en-us/community/posts/360014522974-CookieBot-not-working-on-security-hardend-website-concerning-Content-Security-Policy-
0
Please sign in to leave a comment.
Comments
1 comment