{"type":"doc","content":[{"type":"paragraph","content":[{"text":"To connect certain 3rd party tools, a custom JavaScript must be executed in the browsers of the visitors of the 3YOURMIND application.","type":"text"}]},{"type":"paragraph","content":[{"text":"Examples are:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Google Analytics or other tracking tools","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"A cookie banner","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"A support widget ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"A chatbot","type":"text"}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Steps","type":"text"}]},{"type":"paragraph","content":[{"text":"Two steps are necessary to embed an external JavaScript into the application:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Add external domains to the CSP Header","type":"text","marks":[{"type":"link","attrs":{"href":"#Add-external-domains-to-the-CSP-Header"}}]},{"text":" ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Add the script to the admin panel","type":"text","marks":[{"type":"link","attrs":{"href":"#Add-the-script-into-the-admin-panel"}}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Add external domains to the CSP Header","type":"text"}]},{"type":"paragraph","content":[{"text":"3YOURMIND has a ","type":"text"},{"text":"Content Security Policy","type":"text","marks":[{"type":"link","attrs":{"href":"https://en.wikipedia.org/wiki/Content_Security_Policy"}}]},{"text":" in place that protects against certain forms of cybersecurity attacks. Its default settings disallow loading content from any domain that is not part of the policy.","type":"text"}]},{"type":"paragraph","content":[{"text":"If you skip this step then you will see the following error in the browser's JavaScript console:","type":"text"}]},{"type":"codeBlock","content":[{"text":"Refused to load the script '[domain]' because it \nviolates the following Content Security Policy directive: \n\"script-src 'self' 'unsafe-inline' 'unsafe-eval' google.com *.amazonaws.com \n*.gstatic.com *.stripe.com *.stripe.network pagecdn.io\". \nNote that 'script-src-elem' was not explicitly set, so 'script-src' \nis used as a fallback.","type":"text"}]},{"type":"paragraph","content":[{"text":"To add a domain to the list of allowed domains, you must add the following content to the ","type":"text"},{"text":"values.yaml","type":"text","marks":[{"type":"code"}]},{"text":" configuration file. For SaaS installations this can only be done by our Technical Support Team:","type":"text"}]},{"type":"codeBlock","content":[{"text":" serviceConfig:\n revproxy:\n extraCspSources: \"[List of domains, seperated by whitespace]\"","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Google Analytics","type":"text"}]},{"type":"paragraph","content":[{"text":"Due to different versions of Google Analytics (+ combinations with the Tag Manager), it is complicated to add the right domains - expect some trial & error.","type":"text"}]},{"type":"paragraph","content":[{"text":"Review this resource:","type":"text"}]},{"type":"paragraph","content":[{"type":"inlineCard","attrs":{"url":"https://developers.google.com/tag-platform/tag-manager/web/csp"}},{"text":" ","type":"text"}]},{"type":"paragraph","content":[{"text":"Here is a working example of a Google Tag Manager setting:","type":"text"}]},{"type":"codeBlock","content":[{"text":"extraCspSources: \"'unsafe-inline' https://www.googletagmanager.com\"","type":"text"}]},{"type":"paragraph","content":[{"text":"If Google Analytics 4 is used, use the following domains”","type":"text"}]},{"type":"codeBlock","content":[{"text":"extraCspSources: \"'unsafe-inline' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com\"","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Add the script to the admin panel","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Go to the admin panel (by adding ","type":"text"},{"text":"/admin","type":"text","marks":[{"type":"code"}]},{"text":" to the domain).","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"There, go to: ","type":"text"},{"text":"Organizations > Your Organization ","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Add the script without the ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To: ","type":"text"},{"type":"hardBreak"}]},{"type":"codeBlock","content":[{"text":"var script = document.createElement(\"script\");\nscript.src = [some URL];\ndocument.head.appendChild(script); ","type":"text"}]},{"type":"paragraph"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If the original call included an ","type":"text"},{"text":"async","type":"text","marks":[{"type":"code"}]},{"text":" tag change it like this:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"From: ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To: ","type":"text"},{"type":"hardBreak"}]},{"type":"codeBlock","content":[{"text":"var script = document.createElement(\"script\");\nscript.src = [some URL];\nscript.async = true;\ndocument.head.appendChild(script); ","type":"text"}]},{"type":"paragraph"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Move the content of the ","type":"text"},{"text":"