Error Content Security Policy directive | Community
Skip to main content
Answered

Error Content Security Policy directive

D
Forum|alt.badge.img

I want to embed the Typeform in my Flutter app (Android and iOS). I need to listen the onSubmit callback so that Typeform can be closed once it is submitted.

I used the approach mentioned here:

 

<!DOCTYPE html>
      <html>
        <head>
          <meta charset="utf-8" />
          <meta name="viewport" content="width=device-width, initial-scale=1.0">
          <style>
            * {
              margin: 0;
              padding: 0;
            }
            html,
            body {
              width: 100%;
              height: 100%;
            }
            #form {
              height: 100%;
              width: 100%;
              min-height: 100vh;
            }
            iframe {
              border-radius: 0 !important;
              width: 100%!important;
              height: 100vh!important;
            }
        </style>
        </head>
        <body>
          <div id='form'></div>
          <script src='https://embed.typeform.com/next/embed.js'></script>
          <script>
            window.tf.createWidget('<form-id>', {
              container: document.querySelector('#form'),
              onSubmit: (e) => {
                console.log(JSON.stringify(e));
                // send the callback to the javascript handler
                typeformAB.postMessage(JSON.stringify(e));
              }
            });
          </script>
        </body>
      </html>

 

It works fine but there is an error on console regarding the content security policy.

 

[INFO:CONSOLE(0)] "[Report Only] Refused to frame 'https://form.typeform.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' http://localhost:* capacitor: iconic: https:".

 

I believe this can create a problem in future. So how to resolve this issue?

Best answer by mathio-tf

@deepak_ab Eventually, we would like to start blocking embeds like this. However we can't really give any date, as this has been on stand-by for now. Sorry for not being able to be more precise.

So while your embed on file:// URL will work for now, it will stop working in future. I suggest you embed your form on one of the supported hosts.

View original

10 replies

Liz
Community Team
Forum|alt.badge.img+5
  • Liz
  • Tech Community Advocate
  • 15018 replies
  • February 6, 2024

Hi @deepak_ab Apologies for missing this! Tagging @mathio for some help 😀

Life is a series of awkward moments separated by snacks.
mathio-tf
Typeform
Forum|alt.badge.img+5
  • mathio-tf
  • Typeform
  • 888 replies
  • February 6, 2024

Hello @deepak_ab 

I am not familiar with Flutter development, however it looks like you are serving the form on unsupported host. You will need to serve it on a host that starts with one of the following:

D
1 person likes this
  • D
    deepak_ab
D
Forum|alt.badge.img
  • deepak_ab
  • Author
  • Explorer
  • 5 replies
  • February 20, 2024

@mathio understood. Is the above error an issue for me? or can I ignore this error?

D
Forum|alt.badge.img
  • deepak_ab
  • Author
  • Explorer
  • 5 replies
  • February 20, 2024

If I open the local html file in the browser directly then also the same error message appears.

Local html file is opened as “file:///index.html”.

mathio-tf
Typeform
Forum|alt.badge.img+5
  • mathio-tf
  • Typeform
  • 888 replies
  • February 21, 2024

To be 100% sure this does not break in future I suggest you embed your form on one of the supported hosts.

However let me check with our security team if this can become an issue in future and actually block you embed if you embed on file:// URL.

James
Liz
john.desborough
3 people like this
  • James
    James
  • Liz
    Liz
  • john.desborough
    john.desborough
mathio-tf
Typeform
Forum|alt.badge.img+5
  • mathio-tf
  • Typeform
  • 888 replies
  • Answer
  • February 22, 2024

@deepak_ab Eventually, we would like to start blocking embeds like this. However we can't really give any date, as this has been on stand-by for now. Sorry for not being able to be more precise.

So while your embed on file:// URL will work for now, it will stop working in future. I suggest you embed your form on one of the supported hosts.

Liz
john.desborough
Grace
4 people like this
  • Liz
    Liz
  • john.desborough
    john.desborough
  • Grace
    Grace
  • D
    deepak_ab
D
Forum|alt.badge.img
  • deepak_ab
  • Author
  • Explorer
  • 5 replies
  • February 22, 2024

Thanks @mathio 

I will host the embedded form.

Liz
mathio-tf
Grace
3 people like this
  • Liz
    Liz
  • mathio-tf
    mathio-tf
  • Grace
    Grace
Liz
Community Team
Forum|alt.badge.img+5
  • Liz
  • Tech Community Advocate
  • 15018 replies
  • February 23, 2024

Let us know how it goes, @deepak_ab !

Life is a series of awkward moments separated by snacks.
D
Forum|alt.badge.img
  • deepak_ab
  • Author
  • Explorer
  • 5 replies
  • February 23, 2024

I hosted the page and now there is no console error or warning.

Thanks

mathio-tf
Grace
2 people like this
  • mathio-tf
    mathio-tf
  • Grace
    Grace
Liz
Community Team
Forum|alt.badge.img+5
  • Liz
  • Tech Community Advocate
  • 15018 replies
  • February 26, 2024

Glad to hear it, @deepak_ab ! Let us know if there’s anything else we can help with. 😀

Life is a series of awkward moments separated by snacks.

Reply


Still need help?

Don't be shy and ask the community.

Ask your question here!
Community T&Cs