-
Notifications
You must be signed in to change notification settings - Fork 3
/
nextcsp.html
28 lines (24 loc) · 2.33 KB
/
nextcsp.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
<!DOCTYPE html>
<html>
<head>
<title>Sample Page with 'strict-dynamic' CSP</title>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'nonce-rAnd0m' 'strict-dynamic' 'unsafe-inline' https://cdn.segment.com/;">
</head>
<body>
<!-- Segment Snippet -->
<script src="/script-loader.js" nonce="rAnd0m">
!function(){var i="analytics",analytics=window[i]=window[i]||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","debug","page","screen","once","off","on","addSourceMiddleware","addIntegrationMiddleware","setAnonymousId","addDestinationMiddleware","register"];analytics.factory=function(e){return function(){if(window[i].initialized)return window[i][e].apply(window[i],arguments);var n=Array.prototype.slice.call(arguments);if(["track","screen","alias","group","page","identify"].indexOf(e)>-1){var c=document.querySelector("link[rel='canonical']");n.push({__t:"bpc",c:c&&c.getAttribute("href")||void 0,p:location.pathname,u:location.href,s:location.search,t:document.title,r:document.referrer})}n.unshift(e);analytics.push(n);return analytics}};for(var n=0;n<analytics.methods.length;n++){var key=analytics.methods[n];analytics[key]=analytics.factory(key)}analytics.load=function(key,n){var t=document.createElement("script");t.type="text/javascript";t.async=!0;t.setAttribute("data-global-segment-analytics-key",i);t.src="https://cdn.segment.com/analytics.js/v1/" + key + "/analytics.min.js";var r=document.getElementsByTagName("script")[0];r.parentNode.insertBefore(t,r);analytics._loadOptions=n};analytics._writeKey="G5BwWiwo7E5XCw85h43neqDn59j6KCTp";;analytics.SNIPPET_VERSION="5.2.0";
analytics.load("G5BwWiwo7E5XCw85h43neqDn59j6KCTp");
analytics.page();
}}();
</script>
<!-- Non-"parser-inserted" script -->
<script nonce="rAnd0m">
var s = document.createElement('script');
s.src = "https://cdn.segment.com/analytics.js/v1/G5BwWiwo7E5XCw85h43neqDn59j6KCTp/analytics.min.js";
document.body.appendChild(s);
</script>
<h1>Welcome to the Sample Page</h1>
<p>This is a sample page with the 'strict-dynamic' CSP policy applied to allow the Segment scripts to load.</p>
</body>
</html>