To connect to some external certain 3rd party tools you can add , a custom JavaScript to must be executed in the browsers of the visitors of the 3YOURMIND application.
Example Use-cases Examples are:
Google Analytics or other tracking tools
A Cookie Banercookie banner
A support widget
A chatbot
Steps
In order Two steps are necessary to embed an external script, 2 things are necessaryJavaScript into the application:
Add external domains to the CSP Header
3YOURMIND has a Content Security Policy in place to protect from that protects against certain forms of Attackscybersecurity attacks. The Its default settings don’t allow disallow loading content from any domain that is not part of the policy.
If you skip this step , then you will see errors like this the following error in the Browsers browser's JavaScript console:
| Code Block |
|---|
Refused to load the script '[domain]' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' google.com *.amazonaws.com *.gstatic.com *.stripe.com *.stripe.network pagecdn.io". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. |
To add a domain into to the list of allowed domains, one you must add the following content to the values.yaml configuration file. For SaaS installations this can only be done by our Technical Support Team:
...
Due to different versions of Google Analytics (+ combinations with the combination with Tag Manager), it is a bit complicated to set add the right domains for Google Analytics to work. It might require a bit try - expect some trial & error.
Review this resource.:
https://developers.google.com/tag-platform/tag-manager/web/csp
...
| Code Block |
|---|
extraCspSources: "'unsafe-inline' https://www.googletagmanager.com" |
Add the script
...
to the admin panel
Go to the admin panel (by adding
/adminto the domain).There, go to: Organizations > Your Organization
Add the script wrapped in the a
<script>tag into the Extra Script boxClock on Save
Example:
...