Content Security Policy (CSP) is a security mechanism used in web applications to prevent or limit XSS (Cross-Site Scripting) attacks.
Online stores and other sites typically use third-party services such as Google Analytics, Messenger, automated marketing tools (like edrone), etc.
CSP allows website administrators to control where content that is used by a web application comes from. You can specify which sources of scripts (CSS or JavaScript), styles, images, fonts, etc. are considered safe and allowed to be loaded on the site. This way, if a script or other content from an untrusted source is found on the page, the CSP can prevent it from executing.
Sample CSP message blocking edrone script:
'Refused to load script (...) because it violates the following Content Security Policy directive.'
What if edrone scripts are blocked by CSP?
If Content Security Policy is blocking scripts on your website, check what rules have been set in the CSP policy and whether they are too restrictive. You can solve this problem in several ways.
One is to change the CSP policy to allow scripts to be loaded from specific sources, such as your own domain or other trusted sources (such as edrone files). This means that you should add the blocked files to a whitelist. If you are not sure which domains should be added to the whitelist, contact edrone support to verify which domains are blocked.
How to add external domains to the whitelist?
Editing CSP settings can be done on the platform side of the store. The answer for activating/editing CSP should be in the documentation of the respective platform. If you have problems with giving the right settings and adding domains to the whitelist, the best solution is to contact the support of the store platform.
Do you need more help?
If you have additional questions related to edrone script blocking on your store page, please contact us via chat or at hello@edrone.me