Created
March 29, 2023 12:26
Getting FusionReactor User Experience Monitoring (UEM) To Play Nicely With Content Security Policy (CSP) In ColdFusion
<cfscript>

	// Read the application's Content-Security-Policy configuration and obtain the
	// FusionReactor API (FRAPI) singleton through Java interop.
	csp = application.contentSecurityPolicy.getCspConfig();
	frapi = createObject( "java", "com.intergral.fusionreactor.api.FRAPI" ).getInstance();

	// Set the strict Content-Security-Policy, followed by its reporting header. Both
	// attribute collections come from the CSP configuration as-is.
	for ( headerAttributes in [ csp.header, csp.reportToHeader ] ) {

		cfheader( attributeCollection = headerAttributes );

	}

</cfscript>
<cfoutput>

	<!doctype html>
	<html lang="en">
	<body>

		<h1>
			FusionReactor - User Experience Monitoring (UEM)
		</h1>

		<!---
			NOTE(review): this inline script element carries no nonce attribute. If the
			policy sent above is nonce-based (the other revisions of this template read
			csp.nonce), the browser will refuse to execute it and UEM will not load;
			expect a violation report on the reporting endpoint - confirm against the
			actual policy.

			The FusionReactor tracking script is written into the script context
			unencoded, so this page trusts whatever getUemTrackingScript() returns.
		--->
		<script type="text/javascript">
			#frapi.getUemTrackingScript()#
		</script>

	</body>
	</html>

</cfoutput>
<!-- Captured page markup (not a template): what the FusionReactor UEM snippet looks like in the document. -->
<!-- The inline element carries a nonce attribute; its value is not shown in this capture. -->
<script type="text/javascript" nonce> | |
var anUrl = "/fusionreactor/UEM.cfm?db=0&wr=11&s=8B92BB6DBB4B1FFF4ED56B4CF4A2F0B7&t=927808"; | |
document.write(unescape("%3Cscript src='/fusionreactor/UEMJS.cfm' type='text/javascript'%3E%3C/script%3E")); | |
</script> | |
<!-- NOTE(review): this element appears to be the one produced by the document.write() call above. -->
<!-- It has no nonce attribute, so a nonce-based script-src would not authorize it; confirm in the CSP violation reports. -->
<script src="/fusionreactor/UEMJS.cfm" type="text/javascript"></script> |
<cfscript>

	// Read the application's Content-Security-Policy configuration and obtain the
	// FusionReactor API (FRAPI) singleton through Java interop.
	csp = application.contentSecurityPolicy.getCspConfig();
	frapi = createObject( "java", "com.intergral.fusionreactor.api.FRAPI" ).getInstance();

	// Set the strict Content-Security-Policy, followed by its reporting header. Both
	// attribute collections come from the CSP configuration as-is.
	for ( headerAttributes in [ csp.header, csp.reportToHeader ] ) {

		cfheader( attributeCollection = headerAttributes );

	}

</cfscript>
<cfoutput>

	<!doctype html>
	<html lang="en">
	<body>

		<h1>
			FusionReactor - User Experience Monitoring (UEM)
		</h1>

		<!---
			The nonce is encoded for the HTML attribute context before being written.
			NOTE(review): assumes csp.nonce is generated fresh and unpredictably for every
			response - confirm in getCspConfig(); a reused nonce gives no protection.

			The nonce authorizes this inline element only. The sample FusionReactor output
			on this page shows the tracking script calling document.write() to add a second
			script element with no nonce; a nonce-based policy would not authorize that
			element, so UEM may still fail to load - check the violation reports.
		--->
		<script type="text/javascript" nonce="#encodeForHtmlAttribute( csp.nonce )#">
			#frapi.getUemTrackingScript()#
		</script>

	</body>
	</html>

</cfoutput>
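<cfscript>

	// Obtain the FusionReactor API (FRAPI) singleton through Java interop.
	frapi = createObject( "java", "com.intergral.fusionreactor.api.FRAPI" )
		.getInstance()
	;

	// Generate the UEM output; but, instead of writing the output to the page, capture
	// the content and extract the two `/fusionreactor/` URLs. These are explicitly
	// written to the page down below so that each script element can carry the nonce.
	uemScriptUrls = frapi.getUemTrackingScript()
		.reMatchNoCase( "/fusionreactor/[^'""]+" )
	;

	// The markup below reads the URLs by position: [ 1 ] is assigned to `anUrl` and [ 2 ]
	// becomes the external script source. That ordering is taken from the generated
	// snippet, not from a documented contract, so check that both matches exist instead
	// of letting an out-of-range index fail the whole page if the snippet changes.
	hasUemScriptUrls = ( arrayLen( uemScriptUrls ) >= 2 );

	if ( ! hasUemScriptUrls ) {

		writeLog(
			type = "warning",
			text = "FusionReactor UEM: expected 2 script URLs but extracted #arrayLen( uemScriptUrls )#; UEM markup omitted."
		);

	}

	csp = application.contentSecurityPolicy.getCspConfig();

	// Set the strict Content-Security-Policy.
	cfheader( attributeCollection = csp.header );
	cfheader( attributeCollection = csp.reportToHeader );

</cfscript>
<cfoutput>

	<!doctype html>
	<html lang="en">
	<body>

		<h1>
			FusionReactor - User Experience Monitoring (UEM)
		</h1>

		<cfif hasUemScriptUrls>

			<!---
				Every extracted value is encoded for the context it is written into: the
				tracking URL for a JavaScript string literal, and the script source and the
				nonce for an HTML attribute. The extraction pattern only excludes quote
				characters, so the encoding is what keeps an unexpected character in the
				generated snippet from breaking out of the attribute or the string.
			--->
			<script type="text/javascript" nonce="#encodeForHtmlAttribute( csp.nonce )#">
				var anUrl = "#encodeForJavaScript( uemScriptUrls[ 1 ] )#";
			</script>
			<script
				type="text/javascript"
				src="#encodeForHtmlAttribute( uemScriptUrls[ 2 ] )#"
				nonce="#encodeForHtmlAttribute( csp.nonce )#">
			</script>

		</cfif>

	</body>
	</html>

</cfoutput>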