Troubleshooting DocAccess

If DocAccess reports the script is not installed:

• Try inspecting the page yourself by clicking "View Source" in your browser and search for docaccess.com.

• If you used the dynamic JavaScript approach, the script won't appear in the source code but should still work. Check the browser's Developer Console (F12) to see if docbox.js is loaded.

• Check that you've saved/published your changes.

• If you're sure you've added in the right spot, but it's not showing up, try editing content on your homepage. This can reset the page cache and cause it to update.

• Wait 5 to 10 minutes for CDN caches to update, if your website uses a CDN.

If clicking on PDFs doesn't open the accessible viewer:

• Ensure the documents have been uploaded to DocAccess.

• Check that the documents are enabled in your dashboard.

• Verify your domain is correctly configured.

• Try a hard refresh (CTRL+F5 or Cmd+Shift+R).

• Check the browser console for any JavaScript errors.

• Contact DocAccess support for assistance.

If you used the dynamic JavaScript approach and it's not working:

• Make sure the code is wrapped in <script> tags if required by your platform (such as Google Tag Manager).

• Check for syntax errors, ensure all parentheses and curly braces are properly closed.

• Verify the script URL is exactly: https://docaccess.com/docbox.js.

• Check the browser's Developer Console (F12) for any error messages.

• Some platforms may require the code to be in a specific format. Contact support if you need help.

If your site seems slower after installation:

• The DocAccess script loads asynchronously and shouldn't impact page load on your site.

• If large documents are loading slowly, the DocAccess support team can show you some tricks to accelerate loading, including using 'Safe mode' which uses compressed images for the print-friendly version. However, DocAccess generally adapts to performance conditions and should always be snappy. Please report any problems to DocAccess support.

• Check for conflicts with other JavaScript libraries or browser plugins.

• Contact Support if issues persist.

If your browser's developer console shows an error mentioning "Content Security Policy directive", your website has a CSP that's blocking DocAccess. The exact wording depends on which part is being blocked:

• Helper script blocked: "Loading the script 'https://docaccess.com/docbox.js' violates the following Content Security Policy directive: 'script-src ...'"

• Document viewer blocked: "Framing 'https://docaccess.com/' violates the following Content Security Policy directive: 'frame-src ...'. The request has been blocked."

• API calls blocked: "Refused to connect to 'https://docaccess.com/api/...' because it violates the following Content Security Policy directive: 'connect-src ...'"

What is Content Security Policy?

CSP is a security feature that restricts which external resources can run on your website. It's commonly used by enterprise CMS platforms like CivicPlus, Granicus, and ProudCity to prevent unauthorized code injection. Each directive controls a different category of resource, scripts, frames (iframes), network requests, images, and so on, and any source not explicitly listed is blocked.

Solution: Add DocAccess to Your CSP Allowlist

Your website administrator or CMS vendor needs to add DocAccess to three CSP directives. Request that they update the CSP header to include:

script-src ... https://docaccess.com https://*.docaccess.com; frame-src ... https://docaccess.com https://*.docaccess.com; connect-src ... https://docaccess.com https://*.docaccess.com;

Each directive serves a specific purpose:

• script-src: allows loading the docbox.js helper script that finds PDF links on your pages.

• frame-src: allows the accessible document viewer (docviewer.html) to load inside the lightbox iframe when a user clicks a PDF. Without this, clicking a document does nothing, and a CSP error appears in the console.

• connect-src: allows the helper script to call DocAccess APIs to check which documents are processed and ready.

Note:

frame-ancestors: This is a different directive that controls who can embed your site in an iframe, it does not affect DocAccess. You only need to update script-src, frame-src, and connect-src.

Email Template for Your CMS Vendor

Copy and send this to your website support team:

Subject: Request to add DocAccess to Content Security Policy

Hello,

We are implementing DocAccess (docaccess.com) for PDF accessibility compliance on our website. DocAccess is currently being blocked by our Content Security Policy. Depending on the page, our browser console shows errors referencing the script-src, frame-src, and/or connect-src directives.

Please update our CSP headers to allow DocAccess across all three relevant directives:
- script-src: https://docaccess.com https://*.docaccess.com
- frame-src: https://docaccess.com https://*.docaccess.com
- connect-src: https://docaccess.com https://*.docaccess.com

These cover the helper script (script-src), the accessible document viewer iframe (frame-src), and the API calls the helper script makes to identify processed documents (connect-src).

DocAccess is a trusted accessibility service used by government agencies to make PDF documents accessible to users with disabilities. 

If you need to quickly disable DocAccess on a specific page (for example, if it's causing a conflict), you can add a "killswitch" element to that page:

<div id="docaccess-disable-this-page"></div>

This element can be placed anywhere on the page and will prevent DocAccess from loading. It's useful for:

• Quickly disabling DocAccess while troubleshooting an issue

• Pages where DocAccess conflicts with other scripts

• Temporary workaround until a permanent fix is applied

Note:

For a permanent solution, you can also exclude specific paths in your DocAccess domain settings. Contact support for help with path exclusions.