Help Center

Improved

Newsletter

Product suite

Support suite

💡 Share your ideas

feedback

In Review

Awaiting clarification

Planned

ASAP

In Progress

Partially Completed

Already exists

Completed

Canceled

Beta

Follow the development progress of our entire platform.

Next up

Done

Universal Roadmap

Follow the development progress of our Support platform:

Backlog

Support Roadmap

Follow the development progress of our Feedback product:

Feedback Roadmap

Follow the development progress of our Help Center product:

Help Center Roadmap

Follow the development progress of our Changelog product:

Changelog Roadmap

Follow the development progress of our Survey product:

Survey Roadmap

Follow the development of our integrations:

Integrations

Please tell us what we can do to make Featurebase the best product for you.

Share your product feedback!

Hey {name|there}! 👋

Currently, the Featurebase SDK is built in such a way that it’s really hard to get it work in environments with strict CSP. <div data-type="horizontalRule"><hr></div><h3>Original post:</h3>We’ve integrated the Featurebase Changelog widget on our site by following this article: <a target="_blank" rel="noopener noreferrer nofollow" class="link" href="https://help.featurebase.app/en/articles/3449376-install-changelog-widget">https://help.featurebase.app/en/articles/3449376-install-changelog-widget</a>However it’s falling foul of our CSP, and from what we can tell this seems to be because it’s injecting some inline styles.We can overcome this by adding <code>'unsafe-inline'</code>to<code>style-src</code>, but that’s <a target="" rel="noopener noreferrer nofollow" class="link" href="https://content-security-policy.com/unsafe-inline/">said to be an anti-pattern</a>.What’s best practice when it comes to CSP for allowing the Changelog widget?

Featurebase

Support stricter CSP in Featurebase.

Original post:

Subscribe to post

Subscribe to post