Closed nelsonic closed 1 year ago
thanks for reporting @nelsonic! as your site has a content security policy, you would need to add our domain name plausible.io specifically to the allowed domains list in your CSP as otherwise our script will be blocked
@metmarkosaric thanks for your quick reply.
This is what we've been trying to do ... ā³
e.g:
<meta
http-equiv="Content-Security-Policy"
content="default-src *; style-src 'self' 'unsafe-inline';
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://plausible.io;
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://plausible.io "
/>
We've tried googling this and reading as many posts on the CSP topic as we could find.
We were just hoping that someone else
using plausible/analytics
had faced this issue
and there was already a well defined solution. š¤
you're welcome! you can see here how others manage their CSP to put our domain on the allow list: https://github.com/plausible/docs/issues/20
Thanks for the link. Dunno why that didn't show up when we googled ... Trying:
Content-Security-Policy: default-src 'self'; script-src plausible.io; connect-src plausible.io
now. š§āš» ā³
you're welcome! closing this as it looks like you have a fix. there's not much we can do from our side about CSPs as it depends on your setup
Thanks again @metmarkosaric š
Past Issues Searched
Issue is a Bug Report
Using official Plausible Cloud hosting or self-hosting?
Plausible Cloud from plausible.io
Describe the bug
We've tried adding the
<script>
tags to our theroot.html
template in ourPhoenix
App: https://github.com/dwyl/mvp/blob/e7b516dddd4679d6f14e7576f29c6e5fe2816348/lib/app_web/templates/layout/root.html.heex#L31-L35It's deployed to: https://mvp.fly.dev But we get the following error:
Have read your docs and googled a bunch and not found a solution.
Expected behavior
We would expect this to just work. But obviously that's naive. š
Screenshots
No response
Environment