Custom Content Security Policy Settings

You can configure your company's CSP directives, which control resource loading and enhance security, in the custom content security policy settings in Builder.

The Content Security Policy section can be found in the Settings area of Builder.

Supported CSP Directives

The CSP directives that you can configure are listed below:

default-src

Default policy for loading content such as JavaScript, Images, CSS, Fonts, AJAX requests, Frames, HTML5 Media, and Object resources.

connect-src

Valid sources for XMLHttpRequest, WebSocket, and EventSource connections

font-src

Valid sources for fonts

frame-src

Valid sources for nested browsing contexts loaded using elements such as <frame> and <iframe>

img-src

Valid sources for images

object-src

Valid sources for <object>, <embed>, and <applet> elements

script-src

Valid sources for JavaScript

style-src

Valid sources for stylesheets

manifest-src

Valid sources for web app manifests

prefetch-src

Valid sources for <link rel='prefetch'> elements

worker-src

Valid sources for Worker, SharedWorker, or ServiceWorker scripts

media-src

Valid sources for <audio> and <video> elements

You can add and remove values for each directive whenever you need.

When you have added directive values, you will see a generated CSP header in the Policy Preview field at the foot of the Content Security Policy section.
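The following added example (not Builder's own code) shows how directive values combine into a header like the one in Policy Preview, and how to check which sources apply to scripts and plugins when a directive is left empty. It assumes standard CSP header serialization and browser fallback behavior; the function names and the sample configuration are hypothetical.

```javascript
// Added example; all names are hypothetical. Directives are the twelve on this page.
const SUPPORTED = [
  'default-src', 'connect-src', 'font-src', 'frame-src', 'img-src', 'object-src',
  'script-src', 'style-src', 'manifest-src', 'prefetch-src', 'worker-src', 'media-src',
];

// Serialize { directive: [values] } as a CSP header value ("name v1 v2; name v1").
function buildCspHeader(policy) {
  return SUPPORTED
    .filter((d) => Array.isArray(policy[d]) && policy[d].length > 0)
    .map((d) => `${d} ${policy[d].join(' ')}`)
    .join('; ');
}

// Find the source list a browser applies when a directive is left empty.
// worker-src falls back to script-src before default-src. child-src, which browsers
// also consult for worker-src and frame-src, is not on this page and is omitted.
function effectiveSources(policy, directive) {
  const chain = directive === 'worker-src'
    ? ['worker-src', 'script-src', 'default-src']
    : [directive, 'default-src'];
  const from = chain.find((d) => (policy[d] || []).length > 0) || null;
  return { from, sources: from ? policy[from] : [] };
}

// Flag script and plugin sources that weaken the policy.
const RISKY = new Set(["'unsafe-inline'", "'unsafe-eval'", '*', 'data:', 'http:']);
function reviewPolicy(policy) {
  const findings = [];
  for (const d of ['script-src', 'object-src']) {
    const { from, sources } = effectiveSources(policy, d);
    if (from === null) {
      findings.push(`${d}: unrestricted (not set, no default-src)`);
      continue;
    }
    for (const s of sources.filter((v) => RISKY.has(v))) {
      findings.push(`${d}: ${s} allowed via ${from}`);
    }
  }
  return findings;
}

// Constructed sample configuration (not taken from any real deployment).
const samplePolicy = {
  'default-src': ["'self'"],
  'script-src': ["'self'", "'unsafe-inline'", 'https://cdn.example.com'],
  'img-src': ["'self'", 'data:'],
};
console.log(buildCspHeader(samplePolicy), reviewPolicy(samplePolicy));
```

Compare the serialized string with the Policy Preview field after each change; a finding for script-src or object-src means the header permits more than the directive list suggests at first glance.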
