https://www.growthbook.io/ logo
#give-feedback
Title
# give-feedback
c

clean-thailand-85006

08/08/2022, 11:25 AM
👋 Hola Growthbook team! We are testing the Visual Editor and we had some problems setting it up. They were all about CSP rules, I’m posting the rules we had to include here just so that you are aware other people might trip on them: • We needed to allow cdn.growthbook.io to the
script-src
policy (this one is duh 😅). • We needed to allow unpkg.com to the
script-src
policy (there is only one script served from there:
ab-designer@0.6.0
). This one is tricky, and I’d expect people not wanting to add a global CDN to their allow list as that’d render the policy useless. This is a blocker on our end. No idea what the best solution for this would be but I’d personally recommend hosting this script in your own domain if possible. • We needed to include a
frame-ancestors
policy to allow app.growthbook.io to embed an iframe pointing to our site. This one is pretty obvious but I was surprised not to see any reference to it in the docs. I hope this helps improving this new feature and I’m happy to share any other details you might need to trace these problems down
14 Views