Skip to main content

Content Security Policy (CSP)

Setting Up CSP for Marker.io Bug Reporting

Updated over 9 months ago

Below, we explain how to configure your Content Security Policy (CSP) to allow Marker.io to run correctly while keeping your website secure.

What is Content Security Policy (CSP)?

Content Security Policy (CSP) is like a security guard for your website. It protects against attacks by controlling which content can be loaded and run on your site. It's like a list of trusted sources your website is allowed to use. By setting up a CSP, you help prevent harmful scripts or unauthorized code from running on your site, especially from attacks like Cross-Site Scripting (XSS).

Why Do You Need to Adjust CSP for Marker.io?

Marker.io is a tool that helps you track issues and report bugs directly from your website. To make sure Marker.io works correctly with your CSP settings, you'll need to allow certain Marker.io domains. This allows Marker.io to do its job without causing any problems for your website's security.

Adding Marker.io Domains to Your CSP

Depending on your CSP version, here’s how you can integrate Marker.io:

frame-src:
 https://app.marker.io

connect-src:
 https://api.marker.io
 https://ssr.marker.io
 https://s3.eu-west-1.amazonaws.com/marker.sessions.prod 
  
child-src:
 https://app.marker.io

font-src:
 https://app.marker.io
 https://edge.marker.io

form-action:
 https://app.marker.io
 https://api.marker.io

media-src:
 https://media.marker.io
 https://app.marker.io
 https://edge.marker.io

img-src:
 blob:
 data:
 https://media.marker.io
 https://app.marker.io
 https://edge.marker.io

script-src:
 https://edge.marker.io
 https://app.marker.io

style-src:
 'unsafe-inline'

Steps to Update Your CSP

  1. Locate Your CSP Settings: Find the part of your website code or security settings where the CSP is defined. This might be in your HTML <meta> tags or HTTP headers.

  2. Add Marker.io Domains: Copy the necessary Marker.io domains from the table above and paste them into the appropriate sections of your CSP settings.

  3. Save and Test: After updating your CSP, save the changes and test your website to ensure that Marker.io functions properly and that your website remains secure.

Firewall Settings

Along with updating your CSP, make sure your firewall settings allow the same Marker.io domains. See our firewall guide here.

Need Help?

If you have any questions, comments, or corrections, chat with us at the bottom right of our web pages.

Related Articles
Widget JavaScript SDK
PrestaShop CMS Integration
MkDocs Integration
Ghost.org Integration
How to Use Marker.io with Two Separate Accounts
Did this answer your question?