Content Security Policy Reports - Apps Requests

MerchantYard
Tourist
9 0 2

Hello,

There is an issue with apps scripts/requests, It throws an error on browser console related to security CSP reports, Here is an example error:

[Report Only] Refused to connect to 'https://XXX' because it violates the following Content Security Policy directive: "connect-src 'self' .shopifycloud.com .shopifysvc.com .amazon.com .paypal.com *.facebook.com sessions.bugsnag.com analytics.tiktok.com bat.bing.com www.google-analytics.com ct.pinterest.com stats.g.doubleclick.net".

So it seems external scripts are allowed from certain domains only.

Please help.

Thanks

0 Likes
_JB
Shopify Staff
Shopify Staff
809 95 176

Hey @MerchantYard,

The error shows [Report Only] which means the error is informational and shouldn't affect how the script loads. Can you confirm in the network console that the script is indeed being blocked? If this is the case please provide a shop_id or page URL and we can investigate further.

JB | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

0 Likes