Skip to main content
All CollectionsWidgetTroubleshoot
How to Set Up Marker.io with Content Security Policy (CSP)
How to Set Up Marker.io with Content Security Policy (CSP)

Setting Up CSP for Marker.io Bug Reporting

Emile-Victor Portenart avatar
Written by Emile-Victor Portenart
Updated over a week ago

Below, we explain how to configure your Content Security Policy (CSP) to allow Marker.io to run correctly while keeping your website secure.

What is Content Security Policy (CSP)?

Content Security Policy (CSP) is like a security guard for your website. It protects against attacks by controlling which content can be loaded and run on your site. It's like a list of trusted sources your website is allowed to use. By setting up a CSP, you help prevent harmful scripts or unauthorized code from running on your site, especially from attacks like Cross-Site Scripting (XSS).

Why Do You Need to Adjust CSP for Marker.io?

Marker.io is a tool that helps you track issues and report bugs directly from your website. To make sure Marker.io works correctly with your CSP settings, you'll need to allow certain Marker.io domains. This allows Marker.io to do its job without causing any problems for your website's security.

Adding Marker.io Domains to Your CSP

Depending on your CSP version, here’s how you can integrate Marker.io:

frame-src:
 https://app.marker.io

connect-src:
 https://api.marker.io
 https://ssr.marker.io
 https://s3.eu-west-1.amazonaws.com/marker.sessions.prod 
  
child-src:
 https://app.marker.io

font-src:
 https://app.marker.io
 https://edge.marker.io

form-action:
 https://app.marker.io
 https://api.marker.io

media-src:
 https://media.marker.io
 https://app.marker.io
 https://edge.marker.io

img-src:
 blob:
 data:
 https://media.marker.io
 https://app.marker.io
 https://edge.marker.io

script-src:
 https://edge.marker.io
 https://app.marker.io

style-src:
 'unsafe-inline'

Steps to Update Your CSP

  1. Locate Your CSP Settings: Find the part of your website code or security settings where the CSP is defined. This might be in your HTML <meta> tags or HTTP headers.

  2. Add Marker.io Domains: Copy the necessary Marker.io domains from the table above and paste them into the appropriate sections of your CSP settings.

  3. Save and Test: After updating your CSP, save the changes and test your website to ensure that Marker.io functions properly and that your website remains secure.

Firewall Settings

Along with updating your CSP, make sure your firewall settings allow the same Marker.io domains. See our firewall guide here.

Need Help?

If you have any questions, comments, or corrections, chat with us at the bottom right of our web pages.

Related Articles
Troubleshooting: Marker.io Widget Display and Login Issues
PrestaShop CMS Integration
Why Isn’t the Marker.io Widget Showing? Troubleshooting Tips.
Troubleshooting Browser Extension Conflicts at Marker.io
How to Securely Set Up Marker.io on Your Website
Did this answer your question?