This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
4546members
1452posts
57online
- Invoca
- Support
- Knowledge Base
- Solutions
- The Invoca Tag is not loaded because it violates C...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Jacaselon
Community Manager
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
02-18-2025 11:01 AM - edited 02-19-2025 04:54 AM
Symptoms
The tag is deployed via Google Tag Manager but it's not loaded on the website. There is an error message in Console of Chrome Dev tool saying 'refused to load the script 'https://solutions.eu.invocacdn.com/js/invoca-latest.min.js.
Resolution
To test whether the issue can be resolved by disabling the Content Security Policy, you can use a Chrome extension called "Disable Content Security Policy." You can install and enable it by following these steps:
- Visit the Chrome Web Store by clicking on the following link: https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden
- Install the extension.
- Enable the extension:
After installing the extension, click on its icon in the Chrome toolbar to enable it.
Once the extension is enabled, visit the website again to verify if the tag is successfully loaded without the Content Security Policy restrictions.
If the tag is successfully loaded, it indicates that the issue may be related to the Content Security Policy. In that case, you can proceed to whitelist the Invoca script source in the CSP.
Sources to allow are:
- solutions.eu.invocacdn.com (Invoca Tag script)
- pnapi.eu.invoca.net (For number swap request)
The files located in different paths but under the same domain will be subject to the same CSP restrictions.
Customers have two options to modify the CSP:
- Update the CSP header in the server configuration: Customers can modify the server configuration to include the script source in the Content-Security-Policy header.
- Update the <meta> tag in HTML to include the script source. For example:
<meta http-equiv="Content-Security-Policy" content="script-src 'self' solutions.eu.invocacdn.com pnapi.eu.invoca.net">.
This ensures that the script from the specified source ('self' or solutions.eu.invocacdn.com pnapi.eu.invoca.net ) is allowed.
Cause
The Content Security Policy is used to protect web applications from various types of attack such as cross-site scripting or data injection. CSP allows web developers to define policies that specify which resources can be loaded and executed. This can help websites prevent unauthorized code from running on the page.
