-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why doesn't the new-relic-admin support nonced CSP? #580
Comments
As linked above, this has been implemented in the Ruby agent so would appear to be fairly trivial to implement for the Python agent as well. As far as I've seen, the reasoning for not doing this so far hinges on an assumption that it would involve breaking compatibility with outdated browsers, although that's not necessarily true or even important to many people, as expressed by many over 6 years in this thread. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
It's not stale? |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This should not be marked as stale as it is a security focused feature request |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
+1 |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
+1 |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This should still be open as it is a security issue. I am seriously considering dropping newrelic due to the lack of movement on this |
@Ak-x Thank you! |
Our team using NewRelic would really like support for this. We cannot use NewRelic on the front-end at the moment due to its lack of configuration options to align with our CSP and our requirement to use a nonce. I feel let down as other agent implementations support it except the Python one. Hope you folks can include this one in! 🤞 |
@TimPansino Thank you! Happy Holidays. 🎆 |
newrelic-python-agent/newrelic/api/asgi_application.py
Line 172 in 242c51a
Seems weird that the default would be "'unsafe-inline'"?
newrelic-python-agent/newrelic/api/html_insertion.py
Line 32 in 242c51a
newrelic-python-agent/newrelic/api/html_insertion.py
Line 49 in 242c51a
newrelic-python-agent/newrelic/api/web_transaction.py
Lines 42 to 44 in ad65494
Any suggestions?
https://docs.newrelic.com/docs/apm/agents/python-agent/python-agent-api/disablebrowserautorum-python-agent-api/
https://discuss.newrelic.com/t/content-security-policy-and-browser-injection/2629
newrelic-python-agent/newrelic/api/web_transaction.py
Lines 402 to 403 in ad65494
Similar:
The text was updated successfully, but these errors were encountered: