topic Re: CTAs not firing on external page in Lead Capture Tools

CTAs not firing on external page

DChesnick — Wed, 09 Aug 2023 20:52:32 GMT

I created a CTA (Beta) for use on my website but it's not firing. Here's the strange thing.... the tracking code is installed and working because I tested a chatbot on the same page and it worked perfectly. But when I truned off the chatbot and tried the CTA I get nothing. PLease advise.

Re: CTAs not firing on external page

DianaGomez — Thu, 10 Aug 2023 00:41:02 GMT

Hi @DChesnick,

Thank you for your inquiry.

Could you kindly provide additional details pertaining to your question? It would be greatly appreciated if you could furnish examples accompanied by screenshots, as well as outline the configuration and steps involved. This information will enable us to offer you more precise assistance.

Best regards,

Diana

Re: CTAs not firing on external page

AmyDePalma — Tue, 22 Aug 2023 22:44:00 GMT

Diana,

I am not the OP, but i am having a similiar issue. We were previoulsly using the Popup form on our client's site and have noq switched over to the new CTA (Beta). Upon doing so, we now recieve a CORS error.

We've set up the triggering the same way as the old, which was working.

Any help would be greatly appreciated. Thanks!

Re: CTAs not firing on external page

DianaGomez — Tue, 22 Aug 2023 23:40:07 GMT

Hello @AmyDePalma,

Thank you for providing the screenshot. It appears that the pop-up isn't triggering due to the error: "Refused to load the script because it violates the following Content Security Policy directive: 'script-src 'self'."

Upon conducting a quick search, I found some informative articles detailing the functionality of content security policies.

A content security policy essentially comprises server settings that define which external scripts can be accessed from within a webpage. To enable the proper functioning of our forms, we require access to external scripts hosted on the HubSpot server. Unfortunately, the existing server settings prevent us from accessing our scripts from your page, resulting in the malfunction of the pop-up form.

To resolve this, it's necessary to collaborate with your development team to include our scripts in the allowlist within your content security settings. Regrettably, we lack the capability to bypass your content security settings, as they are implemented on the external page. Any restrictions enforced by these security settings affect our scripts' ability to function as intended.

Please be aware that we do not possess insight into the specifics of how or why these security settings might block our scripts, as they are determined externally. If the security settings prohibit the loading of our scripts, we are unable to circumvent these limitations.

Thank you for your understanding and cooperation.

Best regards,

Diana

Re: CTAs not firing on external page

AmyDePalma — Wed, 23 Aug 2023 04:47:58 GMT

Thanks for this. I am assuming from this that there is something different in HubSpot script for the new CTA feature that was not there for the old Popup Form feature, since we didn't change anything else aside from deactivating one feature and activating a new one. Our HubSpot embed code has not changed. If I reactivate the previous Popup Form, it will work.

Back to debugging. Thanks!

Re: CTAs not firing on external page

DChesnick — Wed, 23 Aug 2023 17:58:57 GMT

I'll investigate. But intuitively, this sounds odd:

"To enable the proper functioning of our forms, we require access to external scripts hosted on the HubSpot server. Unfortunately, the existing server settings prevent us from accessing our scripts from your page, resulting in the malfunction of the pop-up form."

Why then does it not affect the Chatbot? Or standard forms?

Re: CTAs not firing on external page

DChesnick — Wed, 23 Aug 2023 18:50:58 GMT

The error we are seeing is:

web-interactives-embed.js:1 Uncaught TypeError: Cannot read properties of undefined (reading 'then')
    at f.fetch (web-interactives-embed.js:1:10883)
    at f.fetchConfigs (web-interactives-embed.js:1:9267)
    at f.init (web-interactives-embed.js:1:9971)
    at ai.init (web-interactives-embed.js:1:53174)
    at di (web-interactives-embed.js:1:55969)
    at HTMLDocument.ui (web-interactives-embed.js:1:56029)
fetch @ web-interactives-embed.js:1
fetchConfigs @ web-interactives-embed.js:1
init @ web-interactives-embed.js:1
init @ web-interactives-embed.js:1
di @ web-interactives-embed.js:1
ui @ web-interactives-embed.js:1

Re: CTAs not firing on external page

AmyDePalma — Wed, 23 Aug 2023 19:49:06 GMT

This is what I am also confused about. Our other popup form worked on the same site/setup. So nothing changed on our end. For us, it's just the activation fo the CTA (Beta).

Thanks!

Re: CTAs not firing on external page

DChesnick — Mon, 28 Aug 2023 13:49:44 GMT

@AmyDePalma have you had any success here? The security setting argument Diana offered doesn't appear to hold water for us. We're going through an exercise trying to identify conflicts with any existing WP plugins but haven't found any thus far.

Re: CTAs not firing on external page

AmyDePalma — Tue, 29 Aug 2023 04:28:32 GMT

Hello! We were able to get this working by adding *.hubspot.com to our allowed domain list. For context, we are using Wordpress, hosted on Pantheon. We were able to sucessfully get this working by adding a MU plugin for additional security headers. Here's our file, which we palced inside of the MU-plugins folder.

Hope this helps! 🙂

<?php /* Plugin Name: Custom Actions and Filters Description: a plugin to customize header security on a Pantheon-hosted Wordpress site Version: 0.1 Author: Carney Based on https://pantheon.io/docs/wordpress-best-practices#security-headers */ function additional_securityheaders( $headers ) { if ( ! is_admin() ) { $headers['cache-control'] = "no-cache, max-age=2592000"; // 2592000 = 6 months $headers['Content-Security-Policy'] = "script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.unpkg.com *.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsleadflows.net *.newrelic.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.licdn.com *.nr-data.net *.jsdelivr.net *.fontawesome.com *.hotjar.com *.hubspot.com *.clarity.ms"; $headers['Strict-Transport-Security'] = "max-age=2592000"; // 2592000 = 6 months $headers['x-content-type-options'] = "nosniff"; // value derived from Pantheon template } return $headers; } add_filter( 'wp_headers', 'additional_securityheaders' ); // End of File