Some websites don't allow that resources from a different domain than that of itself are being loaded. If you want your website to have Mopinion feedback forms it can be necessary to add HTTP headers. For more information on Content Security Policy headers please see https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP.

Content Security Policy header

Below you will find the domain Mopinion uses and an example of how this should be defined in Nginx.

type domains extra
script-src https://*.mopinion.com 'unsafe-eval' 'unsafe-inline'
style-src https://*.mopinion.com
frame-src https://*.mopinion.com
connect-src http://*.mopinion.com
font-src 'self' data: *.mopinion.com

 

Example in Nginx:

add_header Content-Security-Policy "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.mopinion.com; style-src 'self' https://*.mopinion.com; frame-src https://*.mopinion.com; connect-src http://*.mopinion.com; font-src 'self' data: *.mopinion.com;";

 

CORS header

<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff| woff2|font.css|css|js)$">
Header set Access-Control-Allow-Origin "*.mopinion.com"
</FilesMatch>

For more information on Cross-Origin Resource Sharing please see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS