Manage CORS with the Salesforce Interactions SDK Launcher
The Salesforce Interactions SDK Launcher is a Google Chrome extension that supports launching the Marketing Cloud Personalization Visual Editor on any domain. You can install this extension from the Chrome Web Store.
If you have the legacy Evergage Visual Editor Chrome extension installed, you must disable it for the Salesforce Interactions SDK Launcher to work correctly.
- The value of the
default-srcdirective must include'https://cdn.evergage.com'. - If you're using
media-src,script-src,img-src, orstyle-srcdirectives in place ofdefault-src, then each directive must include'https://cdn.evergage.com'in their values. - If the policy includes the
frame-ancestorsdirective, the value must include'self'. (Generally, if this directive is in use, its value is set tonone, which prevents the Visual Editor from framing in your page.)
X-Frame-Options must be set to SAMEORIGIN which allows the page to be displayed within an <iframe>, provided that the parent/frame domains are of the same origin.
Some pages utilize other methods of blocking the loading of unknown resources. If your page restricts the loading of scripts or assets to specific domains in different ways, you must allowlist https://cdn.evergage.com.
To ensure that the Salesforce Interactions SDK Launcher extension works correctly, check and configure the following extension and browser settings.
- Access
chrome://extensionson Google Chrome- Select Details on the Salesforce Interactions SDK Launcher tile
- Set Set Access to On all site
- Access
chrome://settings/cookieson Google Chrome- Disable Block third-party cookies
- Salesforce Developers: Content Security Policies and Personalization JavaScript Beacon Directives
- External Link: MDN Web Docs:
Content-Security-Policy