CookieBot not working on security hardend website (concerning Content Security Policy)

Comments

4 comments

  • Avatar
    Michael

    Hi,

    I've the same problem.

    Do you find a solution to make it work ?

    Thanks for your feedback :)

    0
    Comment actions Permalink
  • Avatar
    Hugo Wood

    Hello,

     

    We have this problem too. Any luck with a solution?

    0
    Comment actions Permalink
  • Avatar
    Michael

    Hi, you need to edit the HTACESS FILE.

    You need to add this :

    Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.googletagmanager.com *.googleapis.com *.stripe.com *.google-analytics.com *.typekit.net *.wp.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.pinterest.com *.linkedin.com; media-src 'self' blob:; base-uri 'self';"

    Hope it help :)

    I never have good feedback from the Cookies Bot team :(

    I found the solution by my own ...

     

    0
    Comment actions Permalink
  • Avatar
    Hugo Wood

    Thanks for your response. We ended up using 'unsafe-inline' 'unsafe-eval' too but it lessens the security benefits of CSP quite a bit. :(

    0
    Comment actions Permalink

Please sign in to leave a comment.