clean-thailand-85006
08/08/2022, 11:25 AM
script-src policy (this one is duh 😅).
• We needed to allow unpkg.com in the script-src policy (there is only one script served from there: ab-designer@0.6.0). This one is tricky, and I’d expect people not to want to add a global CDN to their allow list, as that’d render the policy useless. This is a blocker on our end. No idea what the best solution for this would be, but I’d personally recommend hosting this script on your own domain if possible.
• We needed to include a frame-ancestors policy to allow app.growthbook.io to embed an iframe pointing to our site. This one is pretty obvious but I was surprised not to see any reference to it in the docs.
I hope this helps improve this new feature, and I’m happy to share any other details you might need to trace these problems down.