mirror/formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-05-20 03:07:53 -05:00
Code Issues Packages Projects Releases 177 Wiki Activity

fix: load survey script directly via src instead of blob URL

Browse Source 
Fixes FORMBRICKS-TQ

The blob URL approach was being blocked by CSP which doesn't include 'blob:'
in script-src directive. Simplified to load script directly via src attribute:
- Works with existing CSP ('self' is allowed)
- No need for fetch, blob URLs, or eval
- Properly executes and initializes window.formbricksSurveys
- Adds cache-busting in development for fresh script loads
This commit is contained in:
Cursor Agent
2026-03-18 13:05:54 +00:00
parent 1eba663294
commit 893384a19d
1 changed files with 11 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/web/modules/ui/components/survey/index.tsx
+11 -21
View File
@@ -40,34 +40,24 @@ export const SurveyInline = (props: Omit<SurveyContainerProps, "containerId">) =
isLoadingScript = true;
try {
const scriptUrl = props.appUrl ? `${props.appUrl}/js/surveys.umd.cjs` : "/js/surveys.umd.cjs";
const response = await fetch(
scriptUrl,
process.env.NODE_ENV === "development" ? { cache: "no-store" } : {}
);
if (!response.ok) {
throw new Error("Failed to load the surveys package");
}
const scriptContent = await response.text();
// Create a blob URL from the script content and load it via script src
// This ensures the script executes properly and initializes window.formbricksSurveys
const blob = new Blob([scriptContent], { type: "application/javascript" });
const blobUrl = URL.createObjectURL(blob);
// Wait for the script to load before proceeding
// Load the script directly via src to ensure proper execution
// This approach works with CSP and doesn't require blob URLs or eval
await new Promise<void>((resolve, reject) => {
const scriptElement = document.createElement("script");
scriptElement.src = blobUrl;
scriptElement.src = scriptUrl;
scriptElement.type = "text/javascript";
// Add cache-busting in development to ensure fresh script loads
if (process.env.NODE_ENV === "development") {
scriptElement.src += `?t=${Date.now()}`;
}
scriptElement.onload = () => {
// Clean up the blob URL after script loads
URL.revokeObjectURL(blobUrl);
resolve();
};
scriptElement.onerror = () => {
URL.revokeObjectURL(blobUrl);
reject(new Error("Failed to execute the surveys script"));
reject(new Error("Failed to load the surveys package"));
};
document.head.appendChild(scriptElement);