bot on angular app with error: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' data: mediastream: blob: filesystem: 'nonce-NDk0M2Q0NTQtYWViOC00ZmYzLTkxMjEtMjQ4YTg1OTY3MzQ4' *.dify.dev *.dify.ai *.udify.app udify.app *.r2.cloudflarestorage.com *.sentry.io http://localhost #17092
Unanswered
engraveocean
asked this question in
Help
Self Checks
1. Is this request related to a challenge you're experiencing? Tell me about your story.
I am trying to use the embed-bot feature in an Angular web app. The bot's floating button shows at the bottom, which is good, but after you click it the error pops up.
I have done a lot of research, such as generating a nonce dynamically on the server side:
```js
const express = require('express');
const crypto = require('crypto');
const path = require('path');
const app = express();

// Middleware to generate a nonce for each request
app.use((req, res, next) => {
  res.locals.nonce = crypto.randomBytes(16).toString('base64'); // Generate a secure nonce
  next();
});

// Serve static files (index: false so "/" falls through to the nonce-injecting route below)
app.use(express.static(path.join(__dirname, 'dist/naccc'), { index: false }));

// Serve the Angular app with the nonce injected
app.get('*', (req, res) => {
  const nonce = res.locals.nonce; // Dynamically generated nonce
  res.send(`<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Naccc</title>
  <base href="/">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="icon" type="image/x-icon" href="favicon.ico">
  <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap" rel="stylesheet">
  <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
  <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-${nonce}' https://udify.app; object-src 'none';">
</head>
<body class="mat-typography">
  <app-root></app-root>
  <script nonce="${nonce}"> window.difyChatbotConfig = { token: 'WBdHo2pzUhi2G***' }; </script>
  <script src="https://udify.app/embed.min.js" id="WBdHo2pzUh**" defer></script>
  <style> #dify-chatbot-bubble-button { background-color: #1C64F2 !important; } #dify-chatbot-bubble-window { width: 24rem !important; height: 40rem !important; } </style>
</body>
</html>`);
});

// Start the server
const PORT = process.env.PORT || 4200;
app.listen(PORT, () => {
  console.log(`Server is running on http://localhost:${PORT}`);
});
```
2. Additional context or comments
It looks like the native bots all have this issue now.