CSP for AWeber Email Forms: A Real-World Fix
AWeber form embeds are the kind of thing teams paste into production on a Friday afternoon and only think about again when signups mysteriously stop working. I’ve seen this pattern a lot: the site starts with a pretty solid Content Security Policy, marketing drops in an email signup form, and suddenly the browser console fills with CSP violations. The usual reaction is to loosen the policy until the errors disappear. That works, but it also trashes the point of having CSP in the first place. ...