We can't use ANDI right now without using the chrome extension and there is a desire to find a better work around, so real users would be able to use ANDI without downloading the extension as well. The chrome extension currently disables the content-security policy but we don't really want to make that a practice. We should investigate ways to fix this.
Ask the page owner to add the ANDI scripts to the “whitelist” of allowed scripts.
Acceptance criteria
[ ] Review ANDI faq linked above
[ ] investigate adding ANDI scripts to our whitelist to stop
[ ] Time box max of 3 days, and if not able to add ANDI to our whitelist, provide the team with your findings
[ ] suggest alternative solutions
Additional context
If cloud.gov hosting our system becomes a blocker, be sure to email them or go to their office hours (Alysia can share the link).
Slack discussion from dev channel
Slack discussion from design channel
Issue description
We can't use ANDI right now without using the chrome extension and there is a desire to find a better work around, so real users would be able to use ANDI without downloading the extension as well. The chrome extension currently disables the content-security policy but we don't really want to make that a practice. We should investigate ways to fix this.
ANDI FAQ section) mentions the following could be a fix:
Acceptance criteria
Additional context
If cloud.gov hosting our system becomes a blocker, be sure to email them or go to their office hours (Alysia can share the link). Slack discussion from dev channel Slack discussion from design channel
Links to other issues
No response