Hello,

Not sure if it will work, but I know that it's possible to also define some exceptions to the CSP directives. It's either from Service Center or LifeTime and under security settings you should find some text boxes where you can define these exceptions.

Regards,

Bogdan

Thanks Bogdan 

I am reading this lesson 

https://www.outsystems.com/training/lesson/1135/javascript-and-jquery-in-traditional-web-applications

and find another way to import , but the isue is other now, i am checking this, with the our system administrator.

Firebase is working but the site is block

1. Content Security Policy of your site blocks some resources because their origin is not included in the content security policy header

   1. The Content Security Policy (CSP) improves the security of your site by defining a list of trusted sources and instructs the browser to only execute or render resources from this list. Some resources on your site can't be accessed because their origin is not listed in the CSP.

      To solve this, carefully check that all of the blocked resources listed below are trustworthy; if they are, include their sources in the content security policy of your site. You can set a policy as a HTTP header (recommended), or via an HTML <meta> tag.

      ?? Never add a source you don't trust to your site's Content Security Policy. If you don't trust the source, consider hosting resources on your own site instead.

   2. AFFECTED RESOURCES

      1. 3 directives

         1. Resource	Status	Directive	Source code
            https://www.googletagmanager.com/gtag/js?l=dataLayer	blocked	script-src-elem	firebase-analytics.js:1
            https://firebase.googleapis.com/v1alpha/projects/-/apps/1:277891544804:web:53d5a72c6bce04038e9ef1/webConfig	blocked	connect-src	firebase-analytics.js:1
            	blocked	connect-src	firebase-analytics.js:1

   3. 
      
      • Learn more: Content Security Policy - Source Allowlists
      •