FAQ: Content Security Policies

Some software products utilize a content security policy that automatically blocks resources that are not explicitly allowed. Such security policies may cause Appcues' editor or SDK to fail to load properly. If your product has a content security policy that is impacting Appcues' editor or SDK, you will want to extend that CSP with a number of resources that Appcues requires. 

You'll need to add the following the Content Security Policy settings on your end:

frame-src    'self' https://*.appcues.com;
style-src    'self' https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com 'unsafe-inline';
script-src   'self' https://*.appcues.com https://*.appcues.net 'unsafe-inline';
img-src      'self' res.cloudinary.com twemoji.maxcdn.com;
connect-src  https://*.appcues.com *.appcues.net ws:;

Please reach out to us at support@appcues.com if you have any questions on the above.