Prior to the security update, Our Organization was applying customisations on the MFT login page which were used for Multi-factor authentication. This was done by our MFA provider using the following method:
Our Organization developed MFA login support to HTML MFT Domain by adding a single line to the custom Footer.htm
This “prefill.js” script then does all the needed work to add the additional fields and buttons to support the MFA login.
The issue is that after the patch, Serv-U now populates the Content-Security-Policy response header as script-src 'nonce-33D450ABE161E0C9D6C13CE5F37637CB'
(the nonce changes with each refresh of course)
Can you please advise how we can achieve the login page customisations for MFT version 15.2.2?