Code Injection Variables

Code Injection variables — what they do and how to use them

These variables are read by Crimson at runtime to decide how your site behaves (external links, image light-box, header behavior, theme mode, pagination, contact/social visibility, etc.).

You can change them anytime from Ghost Admin → Settings → Advanced → Code Injection → Site Header, then Change the variable value, click Save and refresh your site.

How to edit safely?

1. Change one variable at a time.

2. Save in Ghost Admin.

3. Hard refresh your site (Ctrl/Cmd + Shift + R).

4. If required, clear your cache.

5. Confirm the change worked, then move to the next variable.

Code injection variables explained

Best Practices

1) Always edit in Site Header, not Footer

Because Crimson needs the variables available before theme JS loads.

Rule of thumb

• Variables/config → Site Header

• Tracking scripts → usually OK in Header or Footer depending on provider

2) Treat Code Injection like “configuration”

Keep it clean and minimal.

Recommended structure

• One <script> block for API vars

• One <script> block for window.GLOBAL

Avoid adding unrelated scripts in between unless you know they won’t overwrite window.GLOBAL.

3) Change one thing at a time

This makes debugging easy.

Workflow

1. Change 1 variable

2. Save

3. Hard refresh

4. Validate visually + console

4) Keep defaults unless you have a reason

Defaults are chosen to fit most sites:

• Open external links in a new tab (usually better UX)

• Light-box on (visual polish)

• Auto-hide header (modern reading experience)

• System theme (best for accessibility and user preference)

5) Use correct data types (this prevents 80% of errors)

• Booleans: true, false (no quotes)

• Strings: 'system', 'load-more', URLs (quotes required)

Correct:

Incorrect:

6) Use real, secure URLs for endpoints

If you enable a contact endpoint:

• Prefer https:// .

• Ensure CORS is configured if your endpoint is on a different domain.

• Make sure your endpoint returns clear success/error responses (so you can debug easily).

Tip: If your endpoint is not ready yet, keep:

• CONTACT_ENDPOINT: '' (form stays hidden)

7) Don’t expose Admin API keys (ever)

Only use Content API key in the browser. Keep Admin API keys server-side only.

8) Version-control your “settings”

When you find a configuration you like, copy it into a safe place:

• A private Git repo / notes / password manager secure note

Why?

• Easy recovery if someone edits Code Injection incorrectly

• Easy migration from staging → production

9) If something conflicts, prefer one source of truth

If you also have custom scripts that define window.GLOBAL, you can get unpredictable results.

Best practice

• Define window.GLOBAL only once in Site Header.

• If you must manipulate it later, do:

Troubleshooting

1) “I updated variables, but nothing changed”

Most common causes: caching + not refreshing properly.

Fix checklist

1. In Ghost Admin, confirm you clicked Save in Code Injection.

2. Do a hard refresh: Ctrl/Cmd + Shift + R.

3. Test in an Incognito/Private window.

4. If you use a CDN (Cloudflare/Bunny/host caching), purge cache.

5. If you recently updated the theme, clear any server-level cache (if applicable).

Quick verification

• Right-click → View Page Source

• Search for: window.GLOBAL and GHOST_CONTENT_API_KEY

• If you don’t see them, they’re not being injected (wrong box, not saved, or cached HTML).

2) “My site looks broken / white screen / header missing after adding the snippet”

This almost always happens due to a JavaScript syntax error.

What to check

• You must have:

  • matching { and }

  • matching quotes '...'

  • commas between properties (except after the last property)

• Don’t paste “smart quotes” from editors: use normal ' or ".

Fast debug

1. Open DevTools → Console

2. Look for errors like:

   • Uncaught SyntaxError: Unexpected token

   • Uncaught ReferenceError

Recovery tip

• Temporarily remove the whole window.GLOBAL block, Save, refresh.

• Then add it back and edit one line at a time.

3) “DevTools says window.GLOBAL is undefined”

Possible reasons:

• You pasted into Site Footer instead of Site Header

• A caching layer is serving old HTML

• Another script on your site overwrote window.GLOBAL

Fix

• Move snippet to Site Header, Save, hard refresh.

• In DevTools console, run:

  • window.GLOBAL

  • window.GHOST_CONTENT_API_KEY

• If window.GLOBAL exists but values don’t match, another script may be overwriting it. Place your snippet as high as possible in Site Header.

4) “Content API features aren’t working / sections are empty”

This typically points to API URL / key issues.

Symptoms

• “Load more” doesn’t load posts

• Tag-based sections show nothing

• Console/network shows failed requests

• Authors and Tags page cannot load more authors/tags

Fix checklist

1. Confirm window.GHOST_CONTENT_API_KEY is correct (copied from the Custom Integration).

2. Check DevTools → Network tab:

   • Do you see requests to /ghost/api/content/… ?

   • Are they returning 200 or errors like 401/403/404?

3. If requests fail due to domain mismatch, set:

   • window.GHOST_API_URL = 'https://YOUR_API_DOMAIN' Use the API URL/domain shown in Ghost Integration (best source of truth).

Common mistakes

• Using the wrong key

• Key pasted with extra spaces/quotes accidentally

• Setting a wrong GHOST_API_URL domain/protocol

5) “External links still aren’t opening in a new tab”

Check these first

• Is the link actually “external”? (external themes have different root domains.)

• Is your value a boolean (not a string)?

  • ✅ OPEN_LINKS_IN_NEW_TAB: true

  • ❌ OPEN_LINKS_IN_NEW_TAB: 'true'

Test

• Put an obvious external link in a post and re-test.

6) “Light-box doesn’t open on images”

Possible reasons

• ENABLE_IMAGE_LIGHTBOX is false

• The image is wrapped in a custom HTML link that prevents the theme handler

Fix

• Set ENABLE_IMAGE_LIGHTBOX: true

• Test on a standard image inserted via the Ghost editor (not custom HTML).

7) “Header is behaving weird / flickering / not hiding”

Possible reasons

• Conflicting custom scripts affecting scroll

• Very heavy pages causing scroll handler jitter

• You set AUTO_HIDE_HEADER: true and have a sticky announcement bar/plugin

Fix

• Try AUTO_HIDE_HEADER: false to confirm the issue is the scroll behavior.

• Remove/disable other scroll-related scripts (if any).

8) “Color scheme isn’t respecting my setting”

Check

• DEFAULT_COLOR_SCHEME must be one of:

  • 'light', 'dark', 'system'

• If you set 'system', the site will follow the OS/browser theme.

Tip

• Test quickly by switching your OS theme or browser theme override.

9) “REDIRECT_ON_LOCALE is on, but nothing happens”

Locale redirect works only if your site is actually configured for locale-based URLs/routing.

Fix

• Confirm your multilingual/locale setup is implemented (routes + languages).

• If you don’t have a locale structure, keep this false.

10) “Pagination style didn’t change”

Important note

• PAGINATION_STYLE only affects post feeds that are paginated.

• Authors/Tags pages will always use Load More

So if you tested on Authors/Tags pages, you may not see any change.

11) “Contact form isn’t visible”

Crimson hides the contact form when no endpoint is provided.

Fix

• Set a valid endpoint:

  • CONTACT_ENDPOINT: 'https://formhandler.com/api/abc123xyz'

• Ensure it’s https:// and accessible publicly.

• If it still doesn’t show, check console for blocked requests or mixed content.

12) “My social links aren’t showing on Contact page”

These are intentionally hidden when empty.

Fix

• Add the link as a full URL string.

• Example:

  • LINKEDIN_LINK: 'https://linkedin.com/in/yourhandle'