Versions Compared

Old Version 14

changes.mady.by.user Hugo Silva

Saved on

compared with

New Version Current

changes.mady.by.user Hugo Silva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Content Security Policy is a security protocol that tells the browser where files may be loaded from.

Info

Note that the policy is meant to be controlled via the HTTP response header, which is sent back by the webserver that serves the application / webpage. Browsers also support control via a meta tag that can be placed in the page <head>, but not all browser do (e.g. IE doesn't).
The loader.js script requires the 'unsafe-eval'. If you have security concerns, we recommend using the bundle.js script without the 'unsafe-eval'.

If your site uses CSP, the following sources must be included in all CSP directives (script-src, img-src etc.) to ensure the Usercentrics CMP resources are not blocked: https://*.usercentrics.eu.

The following <meta>-tag is an example of what a browser-side implementation of a CSP policy might look like:

  • With 'unsafe-eval' to use with loader.js script

Code Block
<meta http-equiv="Content-Security-Policy" content="script-src https://*.usercentrics.eu 'self' 'unsafe-eval'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;">

  • Without 'unsafe-eval' to use with bundle.js script

Code Block
<meta http-equiv="Content-Security-Policy" content="script-src https://*.usercentrics.eu 'self'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;">
Tip

You can find more information about the CSP here, here andhere.

Weitere Hilfe benötigt?

Wie bekomme ich Hilfe bei technischen Fragen?