CSP for Fillout Forms
If you embed Fillout on a site with a real Content Security Policy, you’ll usually hit one of two problems fast: the form iframe gets blocked the form loads, but some supporting requests fail silently This is normal. CSP is doing its job. The trick is knowing which directives matter for Fillout and which ones don’t. A lot of developers throw https: into half the policy and call it done. That works, but it defeats the point of having CSP in the first place. ...