How to resolve the Content-Security-Policy issue with the GrowSurf Universal Code
If you installed the GrowSurf Universal Code on your webpage but GrowSurf fails to load due to a Content Security Policy (CSP) issue, here is how you can resolve the issue.
1. First, check the browser console for the CSP error message.
To open the developer console in Google Chrome, open the Chrome Menu in the upper-right-hand corner of the browser window and select
More Tools > Developer Tools. You can also use Option + ⌘ + J (on macOS), or Shift + CTRL + J (on Windows/Linux).
You should see an error message that says
"
Refused to load the script 'https://app.growsurf.com/growsurf.js?v=2.0.0' because it violates the following Content Security Policy directive".
See the image below for an example.
2. If you are setting your Content Security Policy from your front-end code (HTML), add a <meta> tag [or update your existing one] that configures your policy to include *.growsurf.com.
<meta http-equiv="Content-Security-Policy" content="default-src 'self' *.growsurf.com">
If your server is controlling your Content Security Policy, disregard the above <meta> instructions and update your server instead.