Optimizing Marker.io with Content Security Policy (CSP)

Ensure seamless Marker.io functionality while maintaining robust security with CSP.

Written by Emile-Victor Portenart
Updated over a week ago

Introduction to Content Security Policy (CSP)

CSP is a security layer that defends against content injection attacks, notably Cross-Site Scripting (XSS). It works as an allowlist: each directive names the sources from which a given type of content may be loaded, and the browser blocks content from any source that is not listed, which prevents unauthorized code execution.


Integrating Marker.io with CSP

If your site uses CSP version 1 or 2, add the following domains to the matching directives of your policy so that Marker.io works correctly:

frame-src:
https://app.marker.io

connect-src:
https://api.marker.io
https://ssr.marker.io

child-src:
https://app.marker.io

font-src:
https://app.marker.io
https://edge.marker.io

form-action:
https://app.marker.io
https://api.marker.io

media-src:
https://media.marker.io
https://app.marker.io
https://edge.marker.io

img-src:
blob:
data:
https://media.marker.io
https://app.marker.io
https://edge.marker.io

script-src:
https://edge.marker.io
https://app.marker.io

style-src:
'unsafe-inline'
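
A check for the list above, as an added example that is not Marker.io's own code: it parses a Content-Security-Policy header value and reports which of the listed sources each directive still lacks. It assumes literal source matching (wildcards and scheme sources such as `https:` are not expanded) and the fallback order current browsers apply; the sample policy is constructed.

```javascript
// Sources per directive, copied from the list in this article.
const REQUIRED = {
  'frame-src': ['https://app.marker.io'],
  'connect-src': ['https://api.marker.io', 'https://ssr.marker.io'],
  'child-src': ['https://app.marker.io'],
  'font-src': ['https://app.marker.io', 'https://edge.marker.io'],
  'form-action': ['https://app.marker.io', 'https://api.marker.io'],
  'media-src': ['https://media.marker.io', 'https://app.marker.io', 'https://edge.marker.io'],
  'img-src': ['blob:', 'data:', 'https://media.marker.io', 'https://app.marker.io', 'https://edge.marker.io'],
  'script-src': ['https://edge.marker.io', 'https://app.marker.io'],
  'style-src': ["'unsafe-inline'"],
};

// Fallbacks that differ from the usual "default-src":
// frame-src tries child-src first; form-action has no fallback at all.
const FALLBACK = { 'frame-src': ['child-src', 'default-src'], 'form-action': [] };

// Turn "name src src; name src" into Map(name -> [sources]).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers: the first one wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Return { directive: [sources still missing] } for the given header value.
function missingSources(header) {
  const policy = parseCsp(header);
  const missing = {};
  for (const [directive, needed] of Object.entries(REQUIRED)) {
    const chain = [directive, ...(FALLBACK[directive] ?? ['default-src'])];
    const effective = chain.find((d) => policy.has(d));
    if (effective === undefined) continue; // nothing restricts this content type
    const allowed = policy.get(effective);
    const gaps = needed.filter((src) => !allowed.includes(src));
    if (gaps.length) missing[directive] = gaps;
  }
  return missing;
}

// Constructed sample policy, not taken from a real site.
const SAMPLE_POLICY = "default-src 'self'; script-src 'self' https://edge.marker.io " +
  "https://app.marker.io; child-src https://app.marker.io; img-src 'self' data:; form-action 'self'";
console.log(missingSources(SAMPLE_POLICY));
```

An empty result means every listed source is present; any entry names the directive to extend in your policy.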

Firewall Considerations

For Marker.io to work, the domains listed above must also be permitted in your firewall settings. This prevents disruptions to Marker.io's performance.


By following this guide, you can confidently integrate Marker.io with your CSP, ensuring a balance between top-tier security and optimal functionality.
