Execute JavaScript while the site under automation has Content Security Policy enable
Hi All, we are on Pega Robotics version 8.0.2025.0. In our automation, we have a block and need to call the ExecuteScript method to excute a javascript. However, the site that we are automating has "Content Security Policy" enable.
Our automation fails with the following error relates to Content Security Policy directive. Anyone has any suggestion on how we should get around this? We are running with Chrome browser.
"Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive:"
Thank you!
Newfold Digital
IN
Please reach out to your web site administrator who already defined these CSP (Content-Security-Policy) directives and try to identify/create a whitelist of sources of trusted script content that's allowed, so the browser can also render resources from those trusted sources as per your project requirements. This way your site-administrator may consider relaxing the policy to allow unsafe-eval or pre-compiling your templates into render functions, as a note; script-src is a directive that controls a set of script-related privileges for a specific site/page, for more info you may refer to Chrome developer forum: https://developer.chrome.com/extensions/contentSecurityPolicy