How I fixed this Next.js error: Refused to load the script ‘some_script_url’ because it violate the following Content Security Policy directive
Recently, I migrated my portfolio website: ramunarasinga.com to Next.js using leerob.io template and wanted to integrate Microsoft clarity with Next.js.
At first, I directly copied the script and pasted it in the head tag in layout.tsx and got the following error:
I overlooked the fact that this error is related to Content Security Policy and thought this has to do with me not using Script from Next.js, so I followed along with the steps provided in How to setup Google Analytics and Microsoft Clarity with Nextjs.
I particularly liked the metrics folder structure since this way you could add more external analytics integrations into your app. This medium article uses Script tag. I add these changes and refresh my dev server only to find this error still exists.
Never assume an error without looking at the error message, re-read the error message completely before you make assumptions.
Error message:
Refused to load the script ‘https://www.clarity.ms/tag/' because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’ cdn.vercel-insights.com vercel.live va.vercel-scripts.com”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.
Fix:
Approach 1: Relying on my hunch
Looking at the error, the only spot where I could find the following code from error message is in next.config.mjs
"script-src 'self' 'unsafe-eval' 'unsafe-inline'
cdn.vercel-insights.com vercel.live va.vercel-scripts.com"

I would choose approach 2 because I would then have made an informed decision after reading the documentation and finding the right way to fix CSP related issues.
For more information, refer to this stackoverflow question.
Conclusion:
Never assume an error is because of X or Y without reading the error message completely, this can save you a significant amount of time. In order to get the Microsoft Clarity integration work with your Next.js app, you need to update a directive in next.config.mjs to allow requests made to clarity.ms
About me:
Hey, my name is Ramu Narasinga. I study large open-source projects and create content about their codebase architecture and best practices, sharing it through articles, videos.
I am open to work on interesting projects. Send me an email at ramu.narasinga@gmail.com
My Github — https://github.com/ramu-narasinga
My website — https://ramunarasinga.com
My Youtube channel — https://www.youtube.com/@ramu-narasinga
Learning platform — https://thinkthroo.com
Codebase Architecture — https://app.thinkthroo.com/architecture
Best practices — https://app.thinkthroo.com/best-practices
Production-grade projects — https://app.thinkthroo.com/production-grade-projects
References:
-
https://stackoverflow.com/questions/77205324/content-security-policy-for-microsofts-clarity
-
https://stackoverflow.com/questions/63667754/problem-with-content-security-policy-next-js-and-amp
-
https://nextjs.org/docs/app/building-your-application/configuring/content-security-policy
-
https://github.com/vercel/next.js/blob/canary/examples/with-strict-csp/middleware.js
-
https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-csp
-
https://medium.com/@victorhcharry/short-how-to-integrate-google-analytics-and-microsoft-clarity-with-nextjs-6174952f218c
-
https://nextjs.org/docs/pages/api-reference/components/script