Error console

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author microsoftclarity

    (@microsoftclarity)

    4 years, 5 months ago

    Could you please share link to your website page where the issue happening.

    Thread Starter Chuckie

    (@ajtruckle)

    4 years, 5 months ago

    Hi

    Example:

    https://www.publictalksoftware.co.uk/

    I see these clarity comments in the console.

    Plugin Author microsoftclarity

    (@microsoftclarity)

    4 years, 5 months ago

    looked at the console, and here’s why this is happening:
    1) The site publictalksoftware.co.uk is sending CSP rules from headers:

    2) This means that every time a resource outside of ~w.org or ~gravatar.com is loaded, browser reports (and NOT blocks) that a external resource is loaded:

    3) Since Clarity is not part of the current CSP policy, it shows up in console but the network traffic does continue as expected. To fix this, please guide the user to: https://docs.microsoft.com/en-us/clarity/clarity-csp

    That will fix the issue with Clarity. For other report errors, you can do something similar for Google & Facebook requests too.

    Thread Starter Chuckie

    (@ajtruckle)

    4 years, 5 months ago

    Thank you. I think this issue is now resolved.

    Thread Starter Chuckie

    (@ajtruckle)

    4 years, 5 months ago

    Hi
    I still seem to have issues:

    56b83b3s0r?ref=wordpress:1

    [Report Only] Refused to load the script ‘https://f.clarity.ms/s/0.6.31/clarity.js’ because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ data: http://www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.

    I don’t know if this is a caching issue because I am trying in MS Edge and I have checked my security header settings:

    # content-security-policy
  Header set Content-Security-Policy-Report-Only "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.clarity.ms https://c.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com translate.googleapis.com; img-src 'self' data: s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com www.google-analytics.com stats.g.doubleclick.net translate.googleapis.com translate.google.com www.google.com www.gstatic.com i.ytimg.com; connect-src 'self' www.google-analytics.com translate.googleapis.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' data: www.youtube.com; child-src 'self' data: www.youtube.com;"
    Thread Starter Chuckie

    (@ajtruckle)

    4 years, 5 months ago

    Ok, now I do think it is resolved! I added the settings to the wrong bit.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Error console’ is closed to new replies.