Product: Pdftron Webviewer
Product Version: 11.7.0
We’re using WebViewer 11 with a strict nonce-based script-src CSP. We pass cspNonce, but webviewer-core.min.js still triggers Executing inline script violates Content Security Policy. Is this expected? Does cspNonce apply only to dynamically created styles, or should it also nonce the runtime-generated inline scripts? If not, is WebViewer.Iframe() with a separate CSP the recommended deployment model?