Importing hubspot web feedback causes Content Security Policy error
Hello, i am importing the hubspot js to use the feedback form and i get the following error
"Refused to load the script 'https://js.hubspotfeedback.com/feedbackweb-new.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.doubleclick.net *.googleapis.com *.gstatic.com *.saphetor.com *.googletagmanager.com *.google-analytics.com *.hs-analytics.net *.usemessages.com *.bizographics.com *.jsdelivr.net *.hsadspixel.net *.licdn.com *.cookiepro.com *.linkedin.com *.varsome.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.hs-scripts.com *.hscta.net *.hubspot.com *.hsforms.net *.hsforms.com *.jquery.com *.hs-banner.com *.googleadservices.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."
You can view a live example here (https://varsome.com/). Any ideas on how to fix this problem?
May 11, 20219:11 AM - edited May 11, 20219:13 AM
Contributor
Importing hubspot web feedback causes Content Security Policy error
Tersely, check the list.
Verbosely, per your statement script-src is a content security policy that dictates from where JavaScript may be provided and executed. The generic syntax is 'script-src (source)' wherein source is one or more sources that are "allowlisted" as providers and can be a r served keyword, nonce, url, etc.
In your case, examine the list you've provided. The first few just say I want to allow scripts from the same origin, inline scripts, and generative statements within JavaScript that may be unsafe to be executed. The following is just a long list of allowlisted "providers". Naturally, if you haven't allowlisted a provider the JavaScript won't be fetched / executed.
Side note.... Does the forum filter really change wh*telist to allow list lol....