Installing the Freshpaint SDK with a Content Security Policy (CSP)
PreviousInstalling the Freshpaint Javascript SDKNextInstalling the Freshpaint Javascript SDK with Server-Side Rendering (SSR) + React
Last updated
Last updated
You may be using a Content Security Policy (CSP) in order to enhance the security of your webpage. Since this restricts how JavaScript resources are loaded, you'll need an engineer to follow a few more steps. You'll know this is an issue when the following console error is triggered when you try to install the Freshpaint snippet:
An engineer will will need to use the hash given in your console error and add it to the allowlist for the 'script-src' in your CSP:
The following urls will need to be allowlisted on your CSP in order to load the Freshpaint snippet:
https://perfalytics.com/static/js/freshpaint.js
https://perfalytics.com/static/js/integrations.js
https://perfalytics.com/static/js/editor.js
The following domains will also need to be allowlisted:
https://freshpaint-cdn.com
https://perfalytics.com
https://*.perfalytics.com
If you have adblocker bypass enabled, the urls you will need to allowlist on your CSP will be specific to your account. You'll have to add the specific urls that appear in your console errors to your CSP. For example:
https://<custom_subdomain>.cloudfront.net/static/js/freshpaint.js
https://<custom_subdomain>.execute-api.us-west-2.amazonaws.com/prod
https://<custom_subdomain>.cloudfront.net/static/js/integrations.js
https://<custom_subdomain>.cloudfront.net/static/js/editor.js
If you have client-side app destinations integrated, those will have to be added to the allowlist on the CSP as well. Here is an example of a CSP with ad-blocker bypass enabled with the correct urls allowlisted with a Freshpaint client-side Mixpanel destination integration:
