RAG won't populate to Qualtrics
As part of academic research, the Institutional Review Board needs to make sure that data is secured safely. We had run it on our personal server but that may post issues in terms of cookies (that's what was told to us). So, I am needing a RA tool created similarly to Gemini which we will use as part of the survey. Survey asks many questions then the chatbot should be embedded within the survey in Qualtrics where participants will enter their prompts for RAG to provide responses based on one document on HR policies. And once they are done with the prompts, we need them to continue within the survey to answer a few more questions to avoid attrition issues. We developed the script but Qualtrics told us that the script is wrong. My entire research project is in jeopardy now because of this limitation. We tested the script and it works. I am hesitant to post it on here as it will be used for academic research purposes.
I am so incredibly heartbroken over this issue that I do not even know what to do. The programmer who had worked on scripting the RAG seems to be having difficulties fixing whatever the issue may be. Is there any way you can help us get this project off the ground please? RAG tool is the only (and main) component that we are missing...
It is highly preferable by the university for the software to be pre-approved by them, this is the reason we are utilizing Qualtrics. If there's another way to do this better and still protect the security of the data, that would be fantastic. At the end of the day, if Qualtrics is not feasible, I'd need a very strong argument for using a different server or software.
The chatbot needs to be embedded on the Qualtrics survey to avoid attrition issues as I need at least 200 complete responses for the study.
The tech stack that is being currently used is the JavaScript code is pointing to an AnythingLLM container on a private server.
Qualtrics told us the script is wrong but we have tested it on our end and it works just fine, hence the complete confusion. The actual script is in your LinkedIn messages from me as I am hesitant to post it on here to avoid survey contamination by subscribers... Any help would be greatly appreciated please.
I am so incredibly heartbroken over this issue that I do not even know what to do. The programmer who had worked on scripting the RAG seems to be having difficulties fixing whatever the issue may be. Is there any way you can help us get this project off the ground please? RAG tool is the only (and main) component that we are missing...
It is highly preferable by the university for the software to be pre-approved by them, this is the reason we are utilizing Qualtrics. If there's another way to do this better and still protect the security of the data, that would be fantastic. At the end of the day, if Qualtrics is not feasible, I'd need a very strong argument for using a different server or software.
The chatbot needs to be embedded on the Qualtrics survey to avoid attrition issues as I need at least 200 complete responses for the study.
The tech stack that is being currently used is the JavaScript code is pointing to an AnythingLLM container on a private server.
Qualtrics told us the script is wrong but we have tested it on our end and it works just fine, hence the complete confusion. The actual script is in your LinkedIn messages from me as I am hesitant to post it on here to avoid survey contamination by subscribers... Any help would be greatly appreciated please.
Hi Fagana. I think I know what's wrong. The reason Qualtrics is blocking the widget is because the chat file is loading from a URL that’s not on Qualtrics’s approved-domain list (*.ngrok-free.app is not allowed), so the browser refuses to run it. That's why it works when you test it on your end, but not when on Qualtrics. See Qualtrics’s allow list here:
https://www.qualtrics.com/support/getting-started-qualtrics/allowlisting-external-domains-for-qualtrics-use/#DomainList
There is often overlap between the network allow-list IT needs for your university to use Qualtrics as well as the Content-Security-Policy (CSP) allow list that Qualtrics sends with every survey page. The purpose of this is it tells the browser which external origins are allowed for script-src, img-src, connect-src, frame-src, etc.
The good news is, instead of ngrok you can use unpkg.com which is an already-approved host for the file on that list.
If you publish the chat-widget file to unpkg, Qualtrics will load it without complaint (assuming the CSP allow list hasn't been tightened beyond the default). Your research data still flows only to your university server and unpkg just delivers the static file.
This is what I'd do:
- Ask Qualtrics's technical support team if it's a permissions issue with ngrok-free.app in the code and if the whitelisted unpkg.com would fix this issue. If so;
- Ask your developer to bundle the chat widget into a single “.min.js” file, which I believe is already available on anythingllm.
- Publish that file to npm (it shows up automatically on https://unpkg.com/…) Publishing to npm/unpkg exposes only the static JavaScript file, not any participant data or credentials.
- Change the src in your Javascript so it points to the unpkg URL instead of the ngrok URL.
These steps avoid rewriting your RAG logic, keep everything inside the Qualtrics flow, widget’s API calls and data will still go to the university server and satisfy the security review with no third-party cookies or trackers added. Let your developer handle the publish-to-unpkg step, once that URL is live, swap it into the survey and test again.
If this doesn't fix the issue, we need to look for another error message.
In Qualtrics click Preview so the survey loads in a new tab. Right-click anywhere on the page and choose Inspect to open developer tools. This tab shows all warnings and errors produced while the page loads. Refresh the page, this will run every script again and re-print any security errors / warnings. Check both console and network tabs for error messages, keep an eye out for a CSP error. That should point to the exact issue. May be worth doing this before trying the unpkg fix. If there are no errors, if you haven't already, ask Qualtrics if they can elaborate on why the provided Script is wrong even though it runs fine when tested on your end.
Hope this helps! :)
https://www.qualtrics.com/support/getting-started-qualtrics/allowlisting-external-domains-for-qualtrics-use/#DomainList
There is often overlap between the network allow-list IT needs for your university to use Qualtrics as well as the Content-Security-Policy (CSP) allow list that Qualtrics sends with every survey page. The purpose of this is it tells the browser which external origins are allowed for script-src, img-src, connect-src, frame-src, etc.
The good news is, instead of ngrok you can use unpkg.com which is an already-approved host for the file on that list.
If you publish the chat-widget file to unpkg, Qualtrics will load it without complaint (assuming the CSP allow list hasn't been tightened beyond the default). Your research data still flows only to your university server and unpkg just delivers the static file.
This is what I'd do:
- Ask Qualtrics's technical support team if it's a permissions issue with ngrok-free.app in the code and if the whitelisted unpkg.com would fix this issue. If so;
- Ask your developer to bundle the chat widget into a single “.min.js” file, which I believe is already available on anythingllm.
- Publish that file to npm (it shows up automatically on https://unpkg.com/…) Publishing to npm/unpkg exposes only the static JavaScript file, not any participant data or credentials.
- Change the src in your Javascript so it points to the unpkg URL instead of the ngrok URL.
These steps avoid rewriting your RAG logic, keep everything inside the Qualtrics flow, widget’s API calls and data will still go to the university server and satisfy the security review with no third-party cookies or trackers added. Let your developer handle the publish-to-unpkg step, once that URL is live, swap it into the survey and test again.
If this doesn't fix the issue, we need to look for another error message.
In Qualtrics click Preview so the survey loads in a new tab. Right-click anywhere on the page and choose Inspect to open developer tools. This tab shows all warnings and errors produced while the page loads. Refresh the page, this will run every script again and re-print any security errors / warnings. Check both console and network tabs for error messages, keep an eye out for a CSP error. That should point to the exact issue. May be worth doing this before trying the unpkg fix. If there are no errors, if you haven't already, ask Qualtrics if they can elaborate on why the provided Script is wrong even though it runs fine when tested on your end.
Hope this helps! :)
COMMENT
By Leon Petrou
Join a community that helps you automate your repetitive work with AI agents - and get your valuable time back!
