Re: Unable to edit Content Security Policy for Shopify Hydrogen App

Solved

Unable to edit Content Security Policy for Shopify Hydrogen App

pbal
Shopify Partner
4 0 4

I created an app using npm create @Shopify/hydrogen@latest. However, I have been unable to make changes or add URLs to my app's Content Security Policy. I have read through the docs https://shopify.dev/docs/custom-storefronts/hydrogen/content-security-policy  and my code matches the code steps provided.

On entry.server.tsx:

const {nonce, header, NonceProvider} = createContentSecurityPolicy({
styleSrc: [
     "'self'",
      'https://*.mailchimp.com',
    ],
  });
Adding, for example, adding 'https://*.mailchimp.com' here doesn't seem to do anything on my app. Is my formatting incorrect? Or what am I missing?
Accepted Solution (1)

Weaverse
Shopify Partner
73 23 32

This is an accepted solution.

You're adding mailchimp.com to the `styleSrc` directive. It will only allow loading stylesheet URLs. You might need to add it to `defaultSrc` or `scriptSrc` instead.

Helping merchants build super unique, high-performance storefronts using Weaverse + Hydrogen.
Looking for Development & Agency partners.
If you find the answer helpful, give it a thumbs up!
Our App: Theme Customizer for Shopify Hydrogen
Join our Weaverse + Hydrogen community: Weaverse Community

View solution in original post

Replies 2 (2)

Weaverse
Shopify Partner
73 23 32

This is an accepted solution.

You're adding mailchimp.com to the `styleSrc` directive. It will only allow loading stylesheet URLs. You might need to add it to `defaultSrc` or `scriptSrc` instead.

Helping merchants build super unique, high-performance storefronts using Weaverse + Hydrogen.
Looking for Development & Agency partners.
If you find the answer helpful, give it a thumbs up!
Our App: Theme Customizer for Shopify Hydrogen
Join our Weaverse + Hydrogen community: Weaverse Community
pbal
Shopify Partner
4 0 4

Ah I see. Thanks for the help. I ended up needing to use 'defaultSrc' and 'connectSrc' for what I was using in my app.