Introduction to Content Security Policy (CSP)
Content Security Policy (CSP) is a browser-enforced security layer that protects against content injection attacks, notably Cross-Site Scripting (XSS). It acts as an allowlist: the policy specifies which sources of content are permitted, and anything else is blocked, which prevents unauthorized code execution.
Integrating Marker.io with CSP
If you use CSP version 1 or 2, add the following sources to your policy so that Marker.io works without problems. They are listed per directive:
frame-src:
https://app.marker.io
connect-src:
https://api.marker.io
https://ssr.marker.io
child-src:
https://app.marker.io
font-src:
https://app.marker.io
https://edge.marker.io
form-action:
https://app.marker.io
https://api.marker.io
media-src:
https://media.marker.io
https://app.marker.io
https://edge.marker.io
img-src:
blob:
data:
https://media.marker.io
https://app.marker.io
https://edge.marker.io
script-src:
https://edge.marker.io
https://app.marker.io
style-src:
'unsafe-inline'
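As an added example (not Marker.io's own code), this JavaScript merges the sources listed above into an existing policy string; the helper names parseCsp and mergeCsp are hypothetical. It goes beyond the list by handling directive fallback: a directive missing from your policy is seeded from the one it inherits from, and is left out entirely when nothing restricts it yet, so adding Marker.io does not block the site's own content.

```javascript
// Added example: merge the Marker.io sources from this page into an existing CSP.
// Source lists are copied from the page; function names are hypothetical.
const MARKER_SOURCES = {
  "frame-src": ["https://app.marker.io"],
  "connect-src": ["https://api.marker.io", "https://ssr.marker.io"],
  "child-src": ["https://app.marker.io"],
  "font-src": ["https://app.marker.io", "https://edge.marker.io"],
  "form-action": ["https://app.marker.io", "https://api.marker.io"],
  "media-src": ["https://media.marker.io", "https://app.marker.io", "https://edge.marker.io"],
  "img-src": ["blob:", "data:", "https://media.marker.io", "https://app.marker.io", "https://edge.marker.io"],
  "script-src": ["https://edge.marker.io", "https://app.marker.io"],
  "style-src": ["'unsafe-inline'"],
};

// Parse "name v1 v2; name2 v3" into a Map; a repeated directive is ignored, as browsers do.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), values);
  }
  return policy;
}

function mergeCsp(header, additions = MARKER_SOURCES) {
  const original = parseCsp(header); // fallbacks are read from the policy as it was
  const policy = new Map(original);
  for (const [name, sources] of Object.entries(additions)) {
    let current = original.get(name);
    if (!current) {
      // Defining a directive stops its fallback. form-action has none; frame-src
      // falls back to child-src, then default-src; the rest fall back to default-src.
      const fallback = name === "form-action" ? undefined
        : (name === "frame-src" && original.get("child-src")) || original.get("default-src");
      if (!fallback) continue; // absent and nothing inherited: already unrestricted
      current = fallback;
    }
    // 'none' is only valid alone, so drop it once real sources are added.
    const merged = current.filter((s) => s.toLowerCase() !== "'none'");
    for (const s of sources) if (!merged.includes(s)) merged.push(s);
    policy.set(name, merged);
  }
  return [...policy].map(([n, v]) => [n, ...v].join(" ")).join("; ");
}
```

Sending the merged policy as Content-Security-Policy-Report-Only first shows any missed source as a violation report before the policy is enforced.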
Firewall Considerations
For Marker.io to function properly, also permit the domains listed above in your firewall settings. This prevents disruptions to Marker.io.
By following this guide, you can confidently integrate Marker.io with your CSP, ensuring a balance between top-tier security and optimal functionality.