CSP for A/B Testing with PostHog Experiments
A/B testing sounds harmless until it collides with a strict Content Security Policy. That’s where teams usually get stuck with PostHog experiments. Product wants fast iteration. Security wants a locked-down CSP. Engineering gets to mediate the fight. I’ve dealt with this a few times, and the bad news is there’s no magic CSP switch for “safe experimentation.” The good news is you do have a few workable patterns, and each one has pretty clear tradeoffs. ...