CDN hosted assets
Your app's assets are hosted on a CDN and you see the following warning message in the browser's web console:
Cross-domain or eval script error detected, error ignored
This is normal browser behaviour and is a consequence of the Same-Origin Policy, a security measure designed to protect your users from Cross-Site Request Forgery (CSRF) attacks. Luckily, this is a fairly easy problem to remedy. First, on your CDN, add a cross-origin (CORS) header:
In your app, make sure the
Or if you are using a Rails helper:
Content Security Policy (CSP)
Your Application's content Security Policy might prevent the error tracking library from sending data to our
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.
Make sure to add
https://appsignal-endpoint.net to your Content Security Policy header, if present.
With just AppSignal in the header:
Content-Security-Policy: connect-src 'self' https://appsignal-endpoint.net
Or, with other content in the header:
Content-Security-Policy: <other_content>; connect-src 'self' https://appsignal-endpoint.net