Uploaded image for project: 'Planet4'
  1. Planet4
  2. PLANET-7675

Add VWO in our CSP allow list

XMLWordPrintable

    • 5
    • Analytics
    • Sprint #249
    • sinope

      Summary

      We are trying to run our first A/B test with VWO and are running into a Content Security Policy violation. They said we need to add VWO to our allow list.

       h3. Requirements

      • Add an exception for VWO resources to our CSP headers
      • Potentially use our own hook to add this, in order to keep the default CSP code clean.
      • Add a feature flag to conditionally apply the CSP exceptions

      Resources

      • VWO CSP documentation
      • Suggested CSP option by VWO:
        *default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.visualwebsiteoptimizer.com *visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io frame-ancestors 'self'
        
      • A/B testing example page (see CSP errors in console log)

        1. Captura de Tela 2024-12-17 às 16.33.20.png
          892 kB
          Guilherme Munhoz
        2. Captura de Tela 2024-12-17 às 16.49.04.png
          365 kB
          Guilherme Munhoz
        3. Captura de Tela 2024-12-18 às 14.16.34.png
          2.47 MB
          Guilherme Munhoz
        4. Image_2024-11-23_00-09-48(1).png
          92 kB
          Molly Marcott
        5. image-2024-12-18-14-15-42-476.png
          484 kB
          Guilherme Munhoz
        6. variation-A.jpg
          548 kB
          Guilherme Munhoz
        7. variation-B.jpg
          384 kB
          Guilherme Munhoz

            dtovbein Dan Tovbein
            mmarcott Molly Marcott
            Molly Marcott Molly Marcott
            Osong Agberndifor Osong Agberndifor
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: