Domain changes causing CSP issue, breaking embeds

As of today, we’re seeing our embed failing due to a Content-Security-Policy/CSP error,

bundle.js:29 Refused to connect to 'https://pickaxeproject--v2-core-core-main.modal.run/pickaxe?formid=

I assume modal.run is part of pickaxe’s underlying infrastructure (modal.com?) We were about to go live with our chat assist in our web app, and are now delayed until we release the updated CSP.

Is there any way to sign up to be notified of these sorts of changes in advance? Otherwise changes like this will break any embed on a site following good security practices. Changes to our CSP involve a release & QA cycle, so relative stability and advance notice is critical if we want to use pickaxe.

Apologies in advance if there’s already a way to know these are coming, if so I’d love to hear about it. Alternatively, if there’s any best practice to avoid the issue, that’d be great to know.

Hi @jrosenthal,

To debug further, mind providing the link to your embed?

Hi @stephenasuncion ,

Not quite sure what you mean by the link to the embed. The embed is only going to be used on a login restricted system. Does the deployment ID work, or do you need an actual example of it running?

Check your DM for the ID

Update, I discussed this with Nathaniel on today’s office hours. All set.

1 Like