Content Security Policy Problem

(kokos) #1

Hi to every one

I try to put on my site the web bot widget, but get the following 2 errors:

  • "Refused to execute JavaScript URL because it violates the following Content Security Policy directive: “script-src ‘self’ “https://widget.flowxo.com”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-…’), or a nonce (‘nonce-…’) is required to enable inline execution.”

  • Refused to apply inline style because it violates the following Content Security Policy directive: "style-src ‘self’ “https://fonts.googleapis.com”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-EG9O1d5qy4CBOoWRxRKsuh9UzSO5XEBv+iGojS4DdD4=’), or a nonce (‘nonce-…’) is required to enable inline execution.

both for execution of “(anonymous) @ widget.flowxo.com/embed.js:1”.

I have put on my site the “Content Security Policy” with this tag (IIS)

“< add name=“Content-Security-Policy” value=“default-src ‘self’; style-src ‘self’ https://fonts.googleapis.com; script-src ‘self’ https://widget.flowxo.com;” />”

Do have create ‘unsafe-inline’ keyword or a hash (‘sha256-…’) or a nonce (‘nonce-…’)?
How can i write your script in (‘nonce-…’)?

I don’t find anyone with the some question in community Please can you help me?

(Sarah Palombo) #2

Hi Kokos

Unfortunately we’ve not come across this already and I’m really not sure about this. (doesn’t really help I appreciate :expressionless:)

I have seen other topics where widgets resulted in a similar error as there seems to be some advice over at Stackoverflow If you do a quick search on that error there (or a Google Search). Perhaps that will let you stumble over other users advice and how that could be resolved.

Good luck !

Sarah

(Tom Spencer) #3

Unfortunately we don’t currently support using the web widget on a site with a Content Security Policy.

We’ll look to support this in the future, but for now if you remove the CSP header, the error messages will disappear.

1 Like
(kokos) #4

Thank a lot for you support,

Flow xo is very very good. If you support also Content Security Policy should be excellence .

Thanks a lot

1 Like
(kokos) #5

thank a lot Sarah.The answer of Tom is cover the problem that i have.