Gainsight Inc.

Using PX with Content Security Policy (CSP)

Does your product use a Content Security Policy (CSP) in your codebase? This document defines the steps to take to allow Gainsight PX functionality with your CSP.

Some web products include a Content-Security-Policy HTTP header in the web application. This helps detect and mitigate certain types of attacks, such as XSS and code or data injection, by instructing the browser to execute or render resources only from trusted sources. The CSP allows you to create a whitelist of sources of trusted content.

If your web application uses a Content Security Policy (CSP) in HTTP headers or a <META> tag, you must update it to allow Gainsight PX functionality. Otherwise, you may see an error like this in your Google Developer Tools or Firefox Developer Tools:

 Refused to execute because it violates the following Content Security Policy directive...

Modify your CSP

In order to take advantage of PX's tracking and engagement experiences, your web application's Content Security Policy (CSP) must include the following directives:

NOTE: If your website already has a CSP, simply add the below to your existing directives. 

script-src *; style-src * 'unsafe-inline'; img-src *; connect-src *; font-src;
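Browsers ignore a repeated directive name within a single policy, so pasting the string above after a policy that already contains `script-src` or `img-src` leaves those directives unchanged; the sources have to be merged into the existing directives. The following is an added example, not Gainsight's code: `parseCsp`, `mergeCsp` and the sample `EXISTING_POLICY` are assumptions made for illustration.

```javascript
// Directives exactly as listed on this page (font-src has no source there).
const PX_DIRECTIVES =
  "script-src *; style-src * 'unsafe-inline'; img-src *; connect-src *; font-src;";

// Constructed sample of a policy an application might already send.
const EXISTING_POLICY =
  "default-src 'self'; script-src 'self' https://cdn.example.com; " +
  "img-src 'none'; font-src 'self'";

// Parse a policy string into Map<directive name, array of sources>.
// Like a browser, keep only the first occurrence of each directive name.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Merge the sources from `additions` into `existingPolicy`, one directive at a time.
function mergeCsp(existingPolicy, additions) {
  const merged = parseCsp(existingPolicy);
  for (const [name, sources] of parseCsp(additions)) {
    // A directive with no sources has nothing to merge. Emitting it on its own
    // would give an empty source list, which matches nothing, so it is skipped.
    if (sources.length === 0) continue;
    // 'none' is only valid as the sole value, so drop it once sources are added.
    const current = (merged.get(name) || [])
      .filter((s) => s.toLowerCase() !== "'none'");
    for (const s of sources) {
      if (!current.includes(s)) current.push(s);
    }
    merged.set(name, current);
  }
  return [...merged].map(([n, s]) => [n, ...s].join(" ")).join("; ");
}

// Naive append: the second script-src is ignored, the original one still applies.
console.log(parseCsp(EXISTING_POLICY + "; " + PX_DIRECTIVES).get("script-src"));
// Merged policy, ready to send as the Content-Security-Policy header value.
console.log(mergeCsp(EXISTING_POLICY, PX_DIRECTIVES));
```

If the existing `style-src` carries a nonce or hash, browsers ignore `'unsafe-inline'` in that directive, so check the merged policy in the browser console for remaining violations.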