Running into many CSP Errors when embedding my form

bercohen · February 18, 2025, 5:53pm

I built out some forms using many API calls to salesforce, airtable, zapier etc.
Here is an example form: Lead Gen Cloud Page

we’re using the following code to embed feathery on a page, on a site which has a very strict Content Security Policy (CSP).

<script src="https://cdn.jsdelivr.net/npm/@feathery/react@latest/umd/index.js"></script> <div id='container'></div> <script> (() => { Feathery.init('<SDKKey>'); // Change to true if your form uses Stytch or Firebase for login. const loginEnabled = false; Feathery.renderAt('container', { formId: '<formId>' }, loginEnabled); })(); </script>

We believe we’ve sorted out the various fetch directive allowances (connect-src, script-src) as follows:
connect-src

api.feathery.io/api/
api-static-2.feathery.io/api/custom-request/
cdn.feathery.io/api/panel/

script-src

cdn.jsdelivr.net/npm/@feathery/react@latest/umd/

Are there any other CSP directives we need to be aware of to ensure smooth integration with Feathery JS embeds?

Kenny · February 19, 2025, 4:32am

Hi @bercohen,

Because CSP violations will be logged in the browser console, you should see clear error messages indicating which directive is failing. That’s the best indicator of what additional allowances might be necessary.

If you run into any specific errors, feel free to share them, and we can help pinpoint the exact adjustments needed.

Topic		Replies	Views
Issue embedding multiple forms on website Support	4	153	March 8, 2024
Problems with Forms (logic, CSS, flow, thank you pages) Support	1	31	September 19, 2024
Embed Javascript HTML on Go Daddy Website Support	8	248	May 19, 2024
Minified React error #40 & #200 Support	2	40	August 21, 2024
Feathery.http.get doesn't work? Support	3	18	February 14, 2025

Running into many CSP Errors when embedding my form

Related topics