manueltomasir

hey just wanting to loop back on this to see if anyone else is able to provide any additional insight...Having an issue with the Facebook Chat plugin script being blocked by safari only on a SS4 site. I am using it on my other SS3 site with no problems, but on the SS4 site, i'm getting the following error

Refused to load https://www.facebook.com/v3.3/plugins/customerchat.php?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D44%23cb%3Df1e39fc12169528%26domain%3Dwww.greatwestradon.com%26origin%3Dhttps%253A%252F%252Fwww.greatwestradon.com%252Ff2b1d5461dc26e6%26relation%3Dparent.parent&container_width=0&locale=en_US&logged_in_greeting=Hi!%20Feel%20free%20to%20ask%20us%20a%20question%20as%20you%20explore!&logged_out_greeting=Hi!%20Feel%20free%20to%20ask%20us%20a%20question%20as%20you%20explore!&page_id=774170459596443&sdk=joey&theme_color=%23009bd1 because it does not appear in the frame-ancestors directive of the Content Security Policy.

I've tried using firesphere's CSP module, to no avail, i've tried setting the CSP header via meta tags and via htaccess, to no avail...

I just can't make sense of why this is not an issue in SS3 but is in SS4, in the same server environment setup

Someone please help if you can!

manueltomasir

you guys see anything wrong with this? i'm getting a 500 on ths

manueltomasir

Header set Content-Security-Policy "default-src 'self'; script-src *; frame-ancestors http://www.facebook.com";

manueltomasir

oh i'm all for learning, but not when it's breaking functionality on a client's website

manueltomasir

doesn't help my case...since i'm not well versed in this CSP stuff