We’ve developed & deployed web pixels for our app https://apps.shopify.com/spur-automated-support-marketing
Web pixels are working well for events that occur when a user is browsing a website. But when they head over to checkout, the browser.sendBeacon() code fails because of the following error:
Refused to connect to '[https://api.meetspur.app/pixel?id=219&spcid=2904309](https://api.meetspur.app/pixel?id=219&spcid=2904309)' because it violates the following Content Security Policy directive: "connect-src 'self' *.shopifycs.com c1-stats.shopifysvc.com/performance c1-stats.shopifysvc.com/custom-metrics monorail-edge.shopifysvc.com monorail-edge-staging.shopifycloud.com ct.pinterest.com analytics.tiktok.com stats.g.doubleclick.net c1-stats.shopifysvc.com [www.google-analytics.com](http://www.google-analytics.com) [www.facebook.com](http://www.facebook.com) [www.instagram.com](http://www.instagram.com) *.snapchat.com atlas.shopifysvc.com atlas.shopifycloud.com saadaa-design.myshopify.com saadaa.in [www.saadaa.in](http://www.saadaa.in) saadaa-design.account.myshopify.com shop.app shopify-chat.shopifycloud.com shopify-chat.shopifyapps.com *.pusher.com *.bugsnag.com hcaptcha.com *.hcaptcha.com".
This is breaking all conversion tracking for Web Pixels since the Header response of a checkout page has mentioned these CSP headers & no requests are sent to our server because of that.
Steps to reproduce
-
Click on any of these links
https://www.kiayaaccessories.com/?spcid=2961179&utm_source=spur&utm_medium=spur_fb&utm_campaign=spur_automation&utm_content=2961179
https://saadaa.in/?spcid=2904309&utm_source=spur&utm_medium=spur_fb&utm_campaign=spur_automation&utm_content=2904309 -
Add any product to cart & head to checkout page
-
Press F12 & open the console in dev tools
-
You’ll see the error above & thats the reason we cant track conversion events via pixel
