I have a Shopify Plus account. I added some JS scripts to the checkout page, but I am getting errors in the console. How can I fix those errors?
Here is the list of errors that I am getting in the console:
[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.shopify.com cdn.shopify.cn cdn.shopifycloud.com app.shopify.com checkout.shopifycs.com maps.googleapis.com ajax.googleapis.com storage.googleapis.com apis.google.com pay.google.com <URL> ssl.google-analytics.com <URL> <URL> <URL> googleads.g.doubleclick.net connect.facebook.net connect.facebook.com <URL> <URL> sandbox.paypal.com api-cdn.amazon.com payments.amazon.com eu.account.amazon.com apac.account.amazon.com payments-de.amazon.com payments-uk.amazon.com payments-jp.amazon.com static-na.payments-amazon.com static-eu.payments-amazon.com static-fe.payments-amazon.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
[Report Only] Refused to load the script 'https://sdk.postscript.io/integrations/sdk-min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.shopify.com cdn.shopify.cn cdn.shopifycloud.com app.shopify.com checkout.shopifycs.com maps.googleapis.com ajax.googleapis.com storage.googleapis.com apis.google.com pay.google.com www.google-analytics.com ssl.google-analytics.com www.gstatic.com www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net connect.facebook.net connect.facebook.com www.paypal.com www.paypalobjects.com sandbox.paypal.com api-cdn.amazon.com payments.amazon.com eu.account.amazon.com apac.account.amazon.com payments-de.amazon.com payments-uk.amazon.com payments-jp.amazon.com static-na.payments-amazon.com static-eu.payments-amazon.com static-fe.payments-amazon.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
[Report Only] Refused to load the script 'https://js.usemessages.com/conversations-embed.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.shopify.com cdn.shopify.cn cdn.shopifycloud.com app.shopify.com checkout.shopifycs.com maps.googleapis.com ajax.googleapis.com storage.googleapis.com apis.google.com pay.google.com www.google-analytics.com ssl.google-analytics.com www.gstatic.com www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net connect.facebook.net connect.facebook.com www.paypal.com www.paypalobjects.com sandbox.paypal.com api-cdn.amazon.com payments.amazon.com eu.account.amazon.com apac.account.amazon.com payments-de.amazon.com payments-uk.amazon.com payments-jp.amazon.com static-na.payments-amazon.com static-eu.payments-amazon.com static-fe.payments-amazon.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
[Report Only] Refused to load the script 'https://bat.bing.com/bat.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.shopify.com cdn.shopify.cn cdn.shopifycloud.com app.shopify.com checkout.shopifycs.com maps.googleapis.com ajax.googleapis.com storage.googleapis.com apis.google.com pay.google.com www.google-analytics.com ssl.google-analytics.com www.gstatic.com www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net connect.facebook.net connect.facebook.com www.paypal.com www.paypalobjects.com sandbox.paypal.com api-cdn.amazon.com payments.amazon.com eu.account.amazon.com apac.account.amazon.com payments-de.amazon.com payments-uk.amazon.com payments-jp.amazon.com static-na.payments-amazon.com static-eu.payments-amazon.com static-fe.payments-amazon.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
I would love some more clarity on this as well.
Yes, I've just noticed this in the PLUS stores I manage too. It seems like Shopify is now blocking scripts not from certain domains; however, it is currently reporting only and not actually blocking.
Clarification around why this has been introduced would be good. Will this be blocked sometime in the future? If so, when? If this is rolled out without warning, it will break lots of PLUS stores. Not a great experience for merchants or customers alike.
Same here. Are there any updates on this?
Shopify let me know that they were using this to track script errors but no current plans to lock this down. The error is a report level error only, so you aren't actually impacted at the moment.
Thank you for the info @Parcel_Intellig. That's good news! I saw that CSP is in Report only mode but you never know 😉
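To see which checkout scripts would actually be refused if the Report-Only policy discussed above were ever enforced, the source list can be checked offline. This is an added example, not part of the thread and not Shopify's code; the matcher is a simplified subset of CSP source matching, and the abbreviated directive and page origin are assumptions.

```javascript
// Added example: simplified CSP source matching. Handles '*', 'self', scheme-sources
// and (wildcard) host-sources; ports, paths, nonces and hashes are ignored.

// Abbreviated from the script-src directive quoted in the console messages.
const SCRIPT_SRC = "script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.shopify.com " +
  "cdn.shopifycloud.com www.googletagmanager.com connect.facebook.net www.paypal.com";

function parseSources(directive) {
  const [name, ...sources] = directive.trim().split(/\s+/);
  return { name, sources };
}

function hostMatches(pattern, host) {
  // "*.example.com" matches subdomains only, never the bare "example.com".
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function isAllowed(url, sources, pageOrigin) {
  const u = new URL(url);
  const isWeb = u.protocol === "https:" || u.protocol === "http:";
  return sources.some((src) => {
    if (src === "*") return isWeb;
    if (src === "'self'") return u.origin === pageOrigin;
    if (src.startsWith("'")) return false; // keywords such as 'unsafe-inline' never match a URL
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return u.protocol === src.toLowerCase();
    const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i);
    if (!m) return false;
    // Simplification: a scheme-less host-source is treated as http/https only.
    const schemeOk = m[1] ? m[1].toLowerCase() + ":" === u.protocol : isWeb;
    return schemeOk && hostMatches(m[2].toLowerCase(), u.hostname);
  });
}

// Returns one entry per URL saying whether an enforcing policy would refuse it.
function auditScripts(directive, urls, pageOrigin) {
  const { sources } = parseSources(directive);
  return urls.map((url) => ({ url, wouldBlock: !isAllowed(url, sources, pageOrigin) }));
}

const report = auditScripts(SCRIPT_SRC, [
  "https://sdk.postscript.io/integrations/sdk-min.js", // from the thread
  "https://js.usemessages.com/conversations-embed.js", // from the thread
  "https://bat.bing.com/bat.js",                       // from the thread
  "https://cdn.shopify.com/constructed/example.js",    // constructed, for contrast
], "https://checkout.example");                        // hypothetical page origin
console.log(report.filter((r) => r.wouldBlock).map((r) => r.url));
```

In the browser itself, a `securitypolicyviolation` event listener gives the same information live: its `blockedURI` names the script and its `disposition` is `"report"` under a Report-Only policy and `"enforce"` once the policy blocks.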
Is this still the case? I ran into this issue when I add shipping info using JavaScript, and all I see when this console error occurs is that the Shipping inputs are all marked red for required, like none of my info was saved from the previous page.
To Shopify Team,
Don't you feel responsible for responding to issues from Shopify? If you lack support, please hire us.
Just following this thread as I'm also seeing quite a few report-only errors using both Chrome and Firefox.
These errors mention a few of the apps I am using, as well as MS Clarity we use to track user behaviour throughout the checkout funnel.
Any response from Shopify would be greatly appreciated.
I am having this issue with my store right now as well.
A similar error is being sent to my customers when clicking a link to access their abandoned cart: "14[Report Only] Refused to frame '<URL>' because it violates the following Content Security Policy directive: "child-src c.paypal.com cdn.shopify.com cdn.shopifycdn.net". Note that 'frame-src' was not explicitly set, so 'child-src' is used as a fallback."
This code in particular redirects the customer to the "payment info" page instead of their actual cart where they can apply discount codes or modify their order prior to checking out/purchasing.
I use the app SMS Bump to recover abandoned carts and thought it may be an issue on their part. After speaking with their help desk, I was told that it's a Shopify issue and have yet to find a solution to this issue.
I currently have the Basic Shopify Plan with the Mr. Parker 2.0 theme installed.
Hoping for a response from the Shopify support team, as I have marked this issue as new.
Same error… Hoping for an update!
Same problem here. #Weneedshopifytorespond !!!
Hey, I am facing the same issue with my store.
Your payment can’t be processed for technical reasons. Try again or use a different payment method.
Same issue here. Can you solve it for your store?