As explained – shopify buy button simply won’t run. Getting a csp error. This is not my site and I’m not knowledgable enough about the back end of this world to figure this out. I’ve tried installing file manager and it also says invalid backend, so surely I’m not sure where the root folder to work out this csp issue. Any help would be so appreciated. Here’s what i’m getting –
​
EDIT:
I’ve tried using a chrome csp builder and populating the wordpress CSP policy manager with that info, but it has no change, leading me to believe the CSP issue is coming from something in the root files of some sort but again, no luck on file manager.
​
Refused to load the script ‘[https://sdks.shopifycdn.com/buy-button/latest/buy-button-storefront.min.js]’ because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ \*.cloudfront.net \*.wp.com \*.amazonaws.com \*.cloudflareinsights.com \*.jazz.co \*.pixel.ad \*.moatads.com \*.addthisedge.com \*.addthis.com \*.twitter.com \*.zoominfo.com \*.buildout.com \*.jquery.com \*.exploretock.com \*.peek.com \*.stripe.com \*.ctctcdn.com \*.cloudflare.com \*.twimg.com \*.tiqcdn.com \*.doubleclick.net \*.bing.com \*.facebook.net \*.googleadservices.com \*.rlets.com \*.placelocal.com \*.google-analytics.com \*.typekit.net \*.vimeo.com \*.google-analytics.com \*.googleapis.com \*.youtube.com \*.azureedge.net \*.google.com \*.gstatic.com \*.googletagmanager.com \*.linkedin.com [https://buildout.com]) [https://s7.addthis.com/js/250/addthis\_widget.js]) [https://mediacomcable.com]) data:”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.
[ad_2]
Ask the host to allow the Shopify domain in the CSP rule. You could probably also add it via the htaccess file.