docs.appcues.com Open in urlscan Pro
54.204.175.66  Public Scan

Submitted URL: https://docs.appcues.com/article/234-whitelisting-appcues
Effective URL: https://docs.appcues.com/article/234-content-security-policies
Submission: On August 24 via manual from US — Scanned from DE

Form analysis 1 forms found in the DOM

GET /search

<form action="/search" method="GET" id="searchBar" class="sm" autocomplete="off">
  <input type="hidden" name="collectionId" value="625ffdca6c886c75aabe882e">
  <input type="text" name="query" title="search-query" class="search-query" placeholder="Search" value="">
  <button type="submit">
    <span class="sr-only">Toggle Search</span>
    <i class="icon-search"></i>
  </button>
  <div id="serp-dd" style="display: none;" class="sb">
    <ul class="result">
    </ul>
  </div>
</form>

Text Content

FAQ: CONTENT SECURITY POLICIES

Some software products use a content security policy that automatically blocks
resources that are not explicitly allowed. Such security policies may cause
Appcues' editor or SDK to fail to load properly. If your product has a content
security policy that is impacting Appcues' editor or SDK, you will want to
extend that CSP with a number of resources that Appcues requires. 

You'll need to add the following Content Security Policy settings on your end:

frame-src    'self' https://*.appcues.com;
style-src    'self' https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com 'unsafe-inline';
script-src   'self' https://*.appcues.com https://*.appcues.net 'unsafe-inline';
img-src      'self' res.cloudinary.com twemoji.maxcdn.com;
connect-src  https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com;


Please reach out to us at support@appcues.com if you have any questions on the
above.


A NOTE ON 'UNSAFE-INLINE'

The above content security policy is functional and secure.  Some organizations
prefer to have the ' unsafe-inline' as specified in rows 2 and 3 above. While is
possible to remove this directive, if you do, the following Appcues functions
will no longer work properly.



FLOW SETTINGS > ACTIONS

In your flow settings, you're given the option to choose an action to perform
when a flow completes. These actions depend on unsafe-inline, and will not
function if unsafe-inline is removed. In addition, if any of the following Flow
settings are checked on the Flow and unsafe-inline is removed and if a user
opens their browser's JavaScript console they will see an error, which is
harmless.  




BUILDER "TRIGGER FLOW" BUTTONS

When configuring a button in the builder, one option is to configure the button
to "Trigger Flow". This functionality will not work if the unsafe-inline
directive is removed.



Did this answer your question? Thanks for the feedback There was a problem
submitting your feedback. Please try again later.
Yes No
Last updated on April 26, 2022
Toggle Search



CATEGORIES

 * Installation & Developers
 * User Experiences
 * Mobile
 * Account Management
 * Analytics
 * Best Practices
 * Integrations

No results found

© Appcues 2022. Powered by Help Scout