Need help with the content security policy

We’re currently trying to integrate the payment provider Steady – People-Powered Media into our discourse site. Unfortunately, I don’t get their javascript code past our content security policy. I whitelisted every domain I could find in the code, but still get this in the developer console:


This is the incriminated code piece:

Does anyone know how to fix this? Thanks!

1 Like

Why do you think this is a CSP error?

(If it was, the code wouldn’t even run, and it is, because it throws an error).

1 Like

Everything works as expected, when I deactivate the content security policy, so this was the best guess I could come up with. :wink: Thanks for the hint! Do you have a tip on how to solve this?

1 Like

I think the script you’re trying to integrate uses eval() which is blocked by default (the reason is explained in the link above) so you need to add


to your CSP setting if you want that to work.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.