Content Security Policy (CSP) is a security mechanism that helps protect against content injection attacks, such as Cross Site Scripting (XSS).
If you're supporting CSP up to version 1 or 2, you'll need to add the following to your list of allowed domains for Marker.io to function correctly:
frame-src:
https://app.marker.io
connect-src:
https://api.marker.io
https://ssr.marker.io
child-src:
https://app.marker.io
font-src:
https://app.marker.io
https://edge.marker.io
form-action:
https://app.marker.io
https://api.marker.io
media-src:
https://media.marker.io
https://app.marker.io
https://edge.marker.io
img-src:
blob:
data:
https://media.marker.io
https://app.marker.io
https://edge.marker.io
script-src:
https://edge.marker.io
https://app.marker.io
style-src:
'unsafe-inline'
Firewalls
Many of the above domains will also need to be allowed in your firewall settings to allow correct functioning of Marker.io