To connect to some external 3rd party tools you can add custom JavaScript to be executed in the browsers of the visitors of the 3YOURMIND application.
Example Usecases are:
Google Analytics or other tracking tools
A Cookie Baner
A support widget
A chatbot
Steps
In order to embed an external script, 2 things are nesecarry:
Add external domains to the CSP Header
Add the script into the admin panel
Add external domains to the CSP Header
3YOURMIND has a Content Security Policy in place to protect from certain forms of Attacks. The default settings don’t allow loading content from any domain that is not part of the policy.
If you skip this step, you will see errors like this in the Browsers JavaScript console:
Refused to load the script '[domain]' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' google.com *.amazonaws.com *.gstatic.com *.stripe.com *.stripe.network pagecdn.io". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
To add a domain into the list of allowed domains, one must add the following content to the values.yaml configuration file. For SaaS installations this can only be done by our Technical Support Team:
serviceConfig:
revproxy:
extraCspSources: "[List of domains, seperated by whitespace]"
Google Analytics
Due to different versions of Google Analytics (+ the combination with Tag Manager), it is a bit complicated to set the right domains for Google Analytics to work. It might require a bit try & error.
Review this resource.
https://developers.google.com/tag-platform/tag-manager/web/csp
Here is a working example of a Google Tag Manager setting:
extraCspSources: "'unsafe-inline' https://www.googletagmanager.com"
Add the script into the admin panel
Go to the admin panel (by adding
/adminto the domain).There, go to: Organizations > Your Organization
Add the script wrapped in the
<script>tag into the Extra Script boxSave
Example:
