06-27-2023 10:23 AM - edited 09-16-2025 08:46 AM
To test whether the issue can be resolved by disabling the Content Security Policy, you can use a Chrome extension called "Disable Content Security Policy." You can install and enable it by following these steps:
Once the extension is enabled, visit the website again to verify if the tag is successfully loaded without the Content Security Policy restrictions.
If the tag is successfully loaded, it indicates that the issue may be related to the Content Security Policy. In that case, you can proceed to whitelist the Invoca script source in the CSP.
Sources to allow are:
The files located in different paths but under the same domain will be subject to the same CSP restrictions.
Customers have two options to modify the CSP:
Content-Security-Policy: script-src 'self' solutions.invocacdn.com pnapi.invoca.net; connect-src 'self' pnapi.invoca.net;
2. Update the <meta> tag in HTML to include the script source. For example:
<meta http-equiv="Content-Security-Policy" content="script-src 'self' solutions.invocacdn.com pnapi.invoca.net; connect-src 'self' pnapi.invoca.net;">
This ensures that the script from the specified source ('self' or solutions.invocacdn.com pnapi.invoca.net ) is allowed.
The error message in Console of Dev Tool