Content Security Policy Header

In this article we will describe the necessary steps your team will need to take in order to whitelist Crobox in your Content Security Policy header.

What to do if your website enforces a Content Security Policy header:

Crobox loads scripts, fonts, images and fetches data from 2 domains, so you need to add both of the following to your CSP:

cdn.crobox.io
api.crobox.com

to the script-src, font-src , img-src , connect-src sections (or default-src if not using those specifics) sections of the CSP header. Crobox creates the stylesheets dynamically so you will need to add 'unsafe-inline' the style-src section.

Other third-parties that might be used are Google Fonts and Unsplash, so their resources also need to be whitelisted, if not already included in your CSP.

Depending on how strict the policy is applied you might also have to add 'unsafe-eval' to script-src since this is used for the Crobox preview mode.

PreviousPushing Events to Crobox NextCookie Wall Settings

Last updated 2 months ago

Was this helpful?

hashtagWhat to do if your website enforces a Content Security Policyarrow-up-right header:

What to do if your website enforces a Content Security Policy header: