Dealing with Content Security Policies

Content security policies

A content security policy (CSP) is a security feature used to help protect websites and web apps from malicious attacks such as content injection and cross-site scripting (XSS). A CSP is essentially a set of rules that restricts, or green lights, what content is allowed to load onto your app or website. If you're using CSPs in your app or website, you need to whitelist CommandBar to ensure it works correctly.

Setting up content security policies for CommandBar

If your web app uses a Content Security Policy to protect your users from XSS vulnerabilities, you'll need to whitelist our third-party JavaScript for CommandBar to function correctly.

Here is the minimal set of CSP rules needed to get up and running with CommandBar:

script-src https://*.commandbar.com;
frame-src https://*.commandbar.com;
img-src https://*.commandbar.com;
media-src https://*.commandbar.com;
connect-src https://*.commandbar.com;
style-src https://*.commandbar.com;

Add these to your content security policies to ensure CommandBar works.
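
When these rules are merged into a policy you already have, an explicit directive replaces the `default-src` fallback rather than extending it, and `'none'` cannot sit next to another source. The following added example (not CommandBar's own code; the function names and the sample policy are constructed for illustration) merges the CommandBar source into an existing policy string while keeping the existing restrictions:

```javascript
const COMMANDBAR_SOURCE = "https://*.commandbar.com"; // source from the rules above
const COMMANDBAR_DIRECTIVES = [
  "script-src", "frame-src", "img-src", "media-src", "connect-src", "style-src",
];

// Parse "name src src; name src" into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so keep the first occurrence.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Hypothetical helper: return the policy with the CommandBar source merged in.
function addCommandBar(policy) {
  const directives = parseCsp(policy);
  const defaultSrc = directives.get("default-src");
  for (const name of COMMANDBAR_DIRECTIVES) {
    let sources = directives.get(name);
    if (sources === undefined) {
      // frame-src falls back to child-src first, then default-src.
      const fallback =
        name === "frame-src" ? directives.get("child-src") ?? defaultSrc : defaultSrc;
      // Nothing restricts this fetch type today: do not add a new restriction.
      if (fallback === undefined) continue;
      // Start from the fallback list so sources allowed today stay allowed.
      sources = [...fallback];
    }
    // 'none' must stand alone, so drop it once a real source is added.
    sources = sources.filter((s) => s.toLowerCase() !== "'none'");
    if (!sources.includes(COMMANDBAR_SOURCE)) sources.push(COMMANDBAR_SOURCE);
    directives.set(name, sources);
  }
  return [...directives].map(([n, s]) => [n, ...s].join(" ")).join("; ");
}

// Constructed sample policy, not taken from any real site.
const samplePolicy =
  "default-src 'self'; script-src 'self' 'nonce-abc'; img-src 'none'; object-src 'none'";
console.log(addCommandBar(samplePolicy));
```

Directives outside the six listed above, such as `object-src` in the sample, are left exactly as they were.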