Group 65Go to Marker.io
All Collections
Security, Privacy & Performance
Using Marker.io with Content Security Policy

Using Marker.io with Content Security Policy

Find here Marker.io domains you'll need to allow in your CSP or firewall.
Gary Gaspar avatar
Written by Gary Gaspar
Updated over a week ago

Content Security Policy (CSP) is a security mechanism that helps protect against content injection attacks, such as Cross Site Scripting (XSS).

If you're supporting CSP up to version 1 or 2, you'll need to add the following to your list of allowed domains for Marker.io to function correctly:

frame-src:
 https://marker.io

connect-src:
 https://api.marker.io
 https://ssr.marker.io
  
child-src:
 https://marker.io

font-src:
 https://marker.io
 https://edge.marker.io

form-action:
 https://marker.io
 https://api.marker.io

media-src:
 https://media.marker.io
 https://marker.io
 https://edge.marker.io

img-src:
 blob:
 data:
 https://media.marker.io
 https://marker.io
 https://edge.marker.io

script-src:
 https://edge.marker.io
 https://marker.io

style-src:
 'unsafe-inline'

Firewalls

Many of the above domains will also need to be allowed in your firewall settings to allow correct functioning of Marker.io

Did this answer your question?