Unable to edit Content Security Policy for Shopify Hydrogen App

pbal · ‎05-20-2024

I created an app using npm create @Shopify/hydrogen@latest. However, I have been unable to make changes or add URLs to my app's Content Security Policy. I have read through the docs https://shopify.dev/docs/custom-storefronts/hydrogen/content-security-policy and my code matches the code steps provided.

On entry.server.tsx:

const {nonce, header, NonceProvider} = createContentSecurityPolicy({
styleSrc: [
"'self'",
'https://cdn.shopify.com',
'https://*.mailchimp.com',
],
});

Adding, for example, adding 'https://*.mailchimp.com' here doesn't seem to do anything on my app. Is my formatting incorrect? Or what am I missing?

Weaverse · ‎05-21-2024

You're adding mailchimp.com to the `styleSrc` directive. It will only allow loading stylesheet URLs. You might need to add it to `defaultSrc` or `scriptSrc` instead.

Helping merchants build super unique, high-performance storefronts using Weaverse + Hydrogen.
Looking for Development & Agency partners.
If you find the answer helpful, give it a thumbs up!
Our App: Theme Customizer for Shopify Hydrogen
Join our Weaverse + Hydrogen community: Weaverse Community

View solution in original post

Weaverse · ‎05-21-2024

You're adding mailchimp.com to the `styleSrc` directive. It will only allow loading stylesheet URLs. You might need to add it to `defaultSrc` or `scriptSrc` instead.

Helping merchants build super unique, high-performance storefronts using Weaverse + Hydrogen.
Looking for Development & Agency partners.
If you find the answer helpful, give it a thumbs up!
Our App: Theme Customizer for Shopify Hydrogen
Join our Weaverse + Hydrogen community: Weaverse Community

pbal · ‎05-21-2024

Ah I see. Thanks for the help. I ended up needing to use 'defaultSrc' and 'connectSrc' for what I was using in my app.