Answered

Error Content Security Policy directive

  • 29 January 2024
  • 10 replies
  • 119 views
D
Userlevel 1
Badge

I want to embed the Typeform in my Flutter app (Android and iOS). I need to listen the onSubmit callback so that Typeform can be closed once it is submitted.

I used the approach mentioned here:

 

<!DOCTYPE html>
      <html>
        <head>
          <meta charset="utf-8" />
          <meta name="viewport" content="width=device-width, initial-scale=1.0">
          <style>
            * {
              margin: 0;
              padding: 0;
            }
            html,
            body {
              width: 100%;
              height: 100%;
            }
            #form {
              height: 100%;
              width: 100%;
              min-height: 100vh;
            }
            iframe {
              border-radius: 0 !important;
              width: 100%!important;
              height: 100vh!important;
            }
        </style>
        </head>
        <body>
          <div id='form'></div>
          <script src='https://embed.typeform.com/next/embed.js'></script>
          <script>
            window.tf.createWidget('<form-id>', {
              container: document.querySelector('#form'),
              onSubmit: (e) => {
                console.log(JSON.stringify(e));
                // send the callback to the javascript handler
                typeformAB.postMessage(JSON.stringify(e));
              }
            });
          </script>
        </body>
      </html>

 

It works fine but there is an error on console regarding the content security policy.

 

[INFO:CONSOLE(0)] "[Report Only] Refused to frame 'https://form.typeform.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' http://localhost:* capacitor: iconic: https:".

 

I believe this can create a problem in future. So how to resolve this issue?

icon

Best answer by mathio 22 February 2024, 11:18

View original

10 replies

Liz
Rank
Userlevel 7
Badge +5

Hi @deepak_ab Apologies for missing this! Tagging @mathio for some help 😀

Life is a series of awkward moments separated by snacks.
mathio
Rank
Userlevel 7
Badge +5

Hello @deepak_ab 

I am not familiar with Flutter development, however it looks like you are serving the form on unsupported host. You will need to serve it on a host that starts with one of the following:

D
Userlevel 1
Badge

@mathio understood. Is the above error an issue for me? or can I ignore this error?

D
Userlevel 1
Badge

If I open the local html file in the browser directly then also the same error message appears.

Local html file is opened as “file:///index.html”.

mathio
Rank
Userlevel 7
Badge +5

To be 100% sure this does not break in future I suggest you embed your form on one of the supported hosts.

However let me check with our security team if this can become an issue in future and actually block you embed if you embed on file:// URL.

mathio
Rank
Userlevel 7
Badge +5

@deepak_ab Eventually, we would like to start blocking embeds like this. However we can't really give any date, as this has been on stand-by for now. Sorry for not being able to be more precise.

So while your embed on file:// URL will work for now, it will stop working in future. I suggest you embed your form on one of the supported hosts.

D
Userlevel 1
Badge

Thanks @mathio 

I will host the embedded form.

Liz
Rank
Userlevel 7
Badge +5

Let us know how it goes, @deepak_ab !

Life is a series of awkward moments separated by snacks.
D
Userlevel 1
Badge

I hosted the page and now there is no console error or warning.

Thanks

Liz
Rank
Userlevel 7
Badge +5

Glad to hear it, @deepak_ab ! Let us know if there’s anything else we can help with. 😀

Life is a series of awkward moments separated by snacks.

Reply


Still need help?

Don't be shy and ask the community.

Ask your question here!
Community T&Cs