Refused to load the script.
To let the widget work, add the Sleekplan domains below to the matching directives in your policy.
This only applies if your site actively enforces a CSP (a
Content-Security-Policy header or <meta http-equiv="Content-Security-Policy"> tag). Most sites do not, and the widget works without any changes. If you are unsure, you probably do not have one.Required directives
Add these sources to your existing policy. If you do not already declare a given directive, you only need to add it if your policy sets a restrictivedefault-src.
| Directive | Sources to allow |
|---|---|
script-src | 'unsafe-inline' blob: https://client.sleekplan.com https://api-client.sleekplan.com https://storage.sleekplan.com |
style-src | 'unsafe-inline' https://client.sleekplan.com https://storage.sleekplan.com |
connect-src | https://api-client.sleekplan.com https://ingest.sleekplan.com https://storage.sleekplan.com |
img-src | blob: data: https://client.sleekplan.com https://storage.sleekplan.com |
font-src | https://storage.sleekplan.com |
frame-src | 'self' |
Example policy
A completeContent-Security-Policy header that allows the widget looks like this (combine it with your own existing sources):
Standalone portal on a custom domain
If you host your feedback portal on your own domain instead of embedding the widget, the CSP is served by Sleekplan and you can extend it from the portal settings. That is a separate flow: see Add custom CSP rules.Next steps
Back to install overview
The snippet, user identification, and other platforms.
Custom domain
Host your feedback portal on your own subdomain.
