Need help with the content security policy

We’re currently trying to integrate the payment provider Steady – People-Powered Media into our discourse site. Unfortunately, I don’t get their javascript code past our content security policy. I whitelisted every domain I could find in the code, but still get this in the developer console:

image

This is the incriminated code piece:
https://steadycdn.com/prod/js/1.14.2.js

Does anyone know how to fix this? Thanks!

1 Like

Why do you think this is a CSP error?

(If it was, the code wouldn’t even run, and it is, because it throws an error).

1 Like

Everything works as expected, when I deactivate the content security policy, so this was the best guess I could come up with. :wink: Thanks for the hint! Do you have a tip on how to solve this?

1 Like

I think the script you’re trying to integrate uses eval() which is blocked by default (the reason is explained in the link above) so you need to add

'unsafe-eval'

to your CSP setting if you want that to work.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.