The issue is that this is the only way you use 99% of marketing tools. The problem we encounter is related to Blueconic – automated profiling tool.
I know there is an option to store JS in static resources and load this way – but still this cannot be done in the head section. Am I correct? For me actually means show stopper and one client for SF less.
I have seen Load CSS and JS from CDN in Lightning component. Mentioned topic is not solved and what is important in my situation external resources must be loaded in the HEAD section of the page – NOT in component – so it’s different place in the platform.
As of Summer ’17 with locker service and with “Enable Stricter CSP for Lightning Components” Enabled it will no longer be supported. the documentation lists supported tags and attributes as well as an IMPORTANT note.
Important: With the “Enable Stricter CSP for Lightning Components in
Communities” critical update, you have control over whether to enforce
stricter CSP. When stricter CSP is activated, some of your existing
head markup may not work correctly. Test your markup in your sandbox
or DE orgs first before activating in live orgs in a future release.
For security purposes, we restrict the tags, attributes, and values
allowed in the head markup of your pages
as, charset, crossorigin, disabled, href,
hreflang, id, import, integrity, media, rel, relList, rev, sheet,
sizes, target, title, type
**For rel, allowed values are alternate:
precomposed, apple-touch-startup-image, author, bookmark, external,
help, icon, license, manifest, mask-icon, next, nofollow, noopener,
noreferrer, pingback, prefetch, preload, prev, search, shortcut icon,
stylesheet, and tag.
charset, content, http-equiv,2 name, scheme
**For http-equiv, allowed values are cleartype, content-type,
content-language, and default-style.
If you do add scripts you will get the following message:
You will have to monitor and check for critical updates and decide which ones to enable/disable.