FAQ: Content Security Policies
Some software products use a content security policy that automatically blocks resources that are not explicitly allowed. Such security policies may cause Appcues' editor or SDK to fail to load properly. If your product has a content security policy that is impacting Appcues' editor or SDK, you will want to extend that CSP with a number of resources that Appcues requires.
You'll need to add the following Content Security Policy settings on your end:
frame-src 'self' https://*.appcues.com; style-src 'self' https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com 'unsafe-inline'; script-src 'self' https://*.appcues.com https://*.appcues.net 'unsafe-inline'; img-src 'self' res.cloudinary.com twemoji.maxcdn.com; connect-src https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com;
Please reach out to us at email@example.com if you have any questions on the above.
A note on 'unsafe-inline'
Flow Settings > Actions
Builder "Trigger Flow" buttons
When configuring a button in the builder, one option is to configure the button to "Trigger Flow". This functionality will not work if the unsafe-inline directive is removed.