Note that the policy is meant to be controlled via the HTTP response header, which is sent back by the web server that serves the application / webpage. Browsers also support control via a meta tag that can be placed in the page <head>, but not all browsers do (e.g. IE doesn't).
For this to work, you need to use bundle.js instead of loader.js. The loader.js script requires 'unsafe-eval'. If you have security concerns, we recommend using the bundle.js script without 'unsafe-eval'.

If your site uses CSP, the following source must be included in all CSP directives (script-src, img-src etc.) to ensure the Usercentrics CMP resources are not blocked: https://*.usercentrics.eu.

The following <meta> tags are examples of what a browser-side implementation of a CSP policy might look like:

  • With 'unsafe-eval', for use with the loader.js script:

<meta http-equiv="Content-Security-Policy" content="script-src https://*.usercentrics.eu 'self' 'unsafe-eval'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;">

  • Without 'unsafe-eval', for use with the bundle.js script:

<meta http-equiv="Content-Security-Policy" content="script-src https://*.usercentrics.eu 'self'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;">
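A check for the requirements above, as an added example that is not Usercentrics code: it parses a policy string (from the response header or the meta tag) and reports directives that do not list https://*.usercentrics.eu, and whether 'unsafe-eval' matches the script in use. The function names are hypothetical, and the source comparison is a literal match only.

```javascript
// Added example, not Usercentrics code: audit a CSP string against the CMP requirements on this page.
const CMP_SOURCE = "https://*.usercentrics.eu";            // source named on this page
const CHECKED = ["script-src", "connect-src", "img-src"];  // directives used in the page's examples

// Split a policy into a Map of directive name -> lower-cased source tokens.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1).map((t) => t.toLowerCase()));
  }
  return directives;
}

// script is "loader.js" or "bundle.js"; returns a list of human-readable findings.
function auditCmpPolicy(policy, script) {
  const directives = parseCsp(policy);
  // A missing fetch directive falls back to default-src; if both are absent, nothing is restricted.
  const effective = (name) => directives.get(name) ?? directives.get("default-src");
  const findings = [];
  for (const name of CHECKED) {
    const sources = effective(name);
    // Assumption: literal match only; broader sources such as "https:" or "*" are not evaluated.
    if (sources !== undefined && !sources.includes(CMP_SOURCE)) {
      findings.push(`${name}: ${CMP_SOURCE} is not listed`);
    }
  }
  const scriptSources = effective("script-src");
  const evalAllowed = scriptSources === undefined || scriptSources.includes("'unsafe-eval'");
  if (script === "loader.js" && !evalAllowed) {
    findings.push("script-src: loader.js requires 'unsafe-eval'");
  }
  if (script === "bundle.js" && scriptSources !== undefined && evalAllowed) {
    findings.push("script-src: 'unsafe-eval' is not needed with bundle.js and can be removed");
  }
  return findings;
}

// The two policies from the page's <meta> examples.
const WITH_EVAL = "script-src https://*.usercentrics.eu 'self' 'unsafe-eval'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;";
const WITHOUT_EVAL = "script-src https://*.usercentrics.eu 'self'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;";
console.log(auditCmpPolicy(WITHOUT_EVAL, "loader.js"));
console.log(auditCmpPolicy(WITH_EVAL, "bundle.js"));
```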
