ecwid-api-docs icon indicating copy to clipboard operation
ecwid-api-docs copied to clipboard
verified publisher icon Ecwid

JavaScript won't load when Trusted Types header is present

Open tmb-github opened this issue 4 years ago • 0 comments

My site uses the Trusted Types Content Security Policy, as detailed here:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/trusted-types

and:

https://web.dev/security-headers/#tt

Specifically, my site sends out this CSP header: require-trusted-types-for 'script';

It prevents the Ecwid JavaScript from executing. Please update the JavaScript to allow for this. (Google Analytics and Universal Tracking have been revised to account for this header...it's gaining a lot of traction.) Many thanks! Untitled

tmb-github avatar Oct 24 '21 18:10 tmb-github