Activate Sided by Adding the Sided script

Created by Adam Viccaro, Modified on Mon, 28 Jul at 12:18 PM by Adam Viccaro

To activate Sided on your site, add the following javascript to the <head> tag of your website for any pages where you'd like polls to render.


<script type="module" src="https://embed-v2.sided.co/assets/index.js"></script>


Once this code is active, you may add any poll embed or placement code to the page and the poll should render. 



Content Security Policy (CSP) Integration Guide

To securely embed Sided polls and discussions on a site that uses Content Security Policy (CSP), you must explicitly allowlist our script and asset domains.

This ensures the widget loads and functions properly without compromising your site's security posture.


Required CSP Directives

Please add the following directives to your CSP header or meta tag:

Content-Security-Policy:  script-src 'self' https://embed-v2.sided.co https://cdn.sided.co;  style-src 'self' https://cdn.sided.co 'unsafe-inline';  connect-src https://api.sided.co https://www.gstatic.com;  img-src 'self' data: https://cdn.sided.co;

Directive Breakdown

DirectivePurpose
script-srcAllows loading the Sided embed code and module chunks
style-srcAllows Sided styles to load (fonts, widget layout, etc.)
connect-srcEnables API calls to api.sided.co and Firebase (for analytics)
img-srcAllows avatars or content images from cdn.sided.co

Notes

  • Sided’s new embed uses ES modules, which require explicit domain allowlisting (type="module" will not load if blocked).

  • If your policy is nonce-based, we can provide a special embed version that accepts a dynamic CSP nonce.

  • We do not require unsafe-eval or unsafe-inline for scripts — only styles may currently require 'unsafe-inline'.


Domains to Allow

Make sure the following domains are allowlisted in your CSP:

DomainReason
https://embed-v2.sided.coMain ES module loader
https://cdn.sided.coWidget CSS, fallback assets
https://api.sided.coBackend for polls, analytics
https://www.gstatic.comFirebase analytics (optional)

Example CSP Meta Tag (for HTML)

<meta http-equiv="Content-Security-Policy"  content="script-src 'self' https://embed-v2.sided.co https://cdn.sided.co;           style-src 'self' https://cdn.sided.co 'unsafe-inline';           connect-src https://api.sided.co https://www.gstatic.com;           img-src 'self' data: https://cdn.sided.co;">

Need Help?

If you use a strict or advanced CSP setup (e.g. nonce-based), contact us at dev@sided.co and we’ll provide a custom integration or nonce-compatible loader.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article