Go to Marker.io
All Collections
Widget
Troubleshoot
Using Marker.io with Content Security Policy

Using Marker.io with Content Security Policy

Find here Marker.io domains you'll need to allow in your CSP or firewall.
Emile-Victor Portenart avatar
Written by Emile-Victor Portenart
Updated over a week ago

Content Security Policy (CSP) is a security mechanism that helps protect against content injection attacks, such as Cross Site Scripting (XSS).

If you're supporting CSP up to version 1 or 2, you'll need to add the following to your list of allowed domains for Marker.io to function correctly:

frame-src:
 https://app.marker.io

connect-src:
 https://api.marker.io
 https://ssr.marker.io
  
child-src:
 https://app.marker.io

font-src:
 https://app.marker.io
 https://edge.marker.io

form-action:
 https://app.marker.io
 https://api.marker.io

media-src:
 https://media.marker.io
 https://app.marker.io
 https://edge.marker.io

img-src:
 blob:
 data:
 https://media.marker.io
 https://app.marker.io
 https://edge.marker.io

script-src:
 https://edge.marker.io
 https://app.marker.io

style-src:
 'unsafe-inline'

Firewalls

Many of the above domains will also need to be allowed in your firewall settings to allow correct functioning of Marker.io

Did this answer your question?