Is there a reset somewhere?

[rsudworth]

First, let me say I've found this plugin to be fantastic, so thank you for all the hard work.

I'm testing at the moment, and have found that I've blocked the plugin's JS file so I can't access the admin. Is there a way to reset everything?

This is the error I get, though the script block itself has a nonce, and so I thought scripts loaded by such a block were supposed to be trusted.

administration/:1 Refused to load the script 'https://coas01mstrr189iinte-slot.dxcloud.episerver.net/stott.security.optimizely/static/main.79ae4d09.js' because it violates the following Content Security Policy directive: "script-src-elem 'self' 'unsafe-inline' https://policy.app.cookieinformation.com 'nonce-0456edb7-9efb-4731-b16f-b633a7764a51' 'strict-dynamic'". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled.

[GeekInTheNorth]

Hi @rsudworth

There is purposefully no backdoor reset for this. However when I've accidentally locked myself out before I've used a browser extension called "Disable Content-Security-Policy" to get around this:

Also if you want a temporary code fix, you could reset it like so:

// Inject ICspSettingsService as cspSettingsService
var currentSettings = await cspSettingsService.GetAsync();
currentSettings.IsReportOnly = true;
await cspSettingsService.SaveAsync(currentSettings, "My Name");

[rsudworth]

Thank you for the response and apologies for not coming back to this sooner. I'll use the plugin to let myself back in and keep an eye out for version 3

[GeekInTheNorth]

The Nonce is meant to be generated only for Content pages due to many AddOns and the CMS backend not being Nonce friendly. I've noticed you're getting it generated there too.

I plan to release v3 in the next 1-2 weeks that will fix that issue.