Content Security Policy (CSP)
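To ensure seamless integration of the Embedded Experience into your platform, it's essential to configure your Content Security Policy (CSP) correctly. This document provides step-by-step instructions on how to update your CSP to allow necessary resources from multiple domains, so that the browser does not block the cross-origin requests the Embedded Experience makes. These blocks are CSP violations, which are distinct from CORS (Cross-Origin Resource Sharing) errors even though both appear as failed cross-origin requests.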
Understanding Content Security Policy (CSP)
Content Security Policy (CSP) is a security standard designed to prevent various types of attacks, such as Cross-Site Scripting (XSS) and data injection attacks. CSP achieves this by allowing you to specify the sources from which your web application can load resources like scripts, styles, images, and more.
In the Embedded Experience, certain third-party libraries require access to scripts hosted on multiple domains. If these domains are not explicitly allowed in your CSP, browsers will block the requests, leading to functionality issues.
Required Domains
| Domain | Usage |
|---|---|
| `https://docucdn-a.akamaihd.net`, `https://na4.docusign.net`, `https://demo.docusign.net` (dev/staging environments) | Allows users to read and sign their credit contract inside the embedded experience |
| `https://*.amplitude.com`, `https://*.customer.io` | Analytics tracking |
| `https://r2.co`, `https://*.r2capital.co` | R2's internal purposes |
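
One way to merge the domains above into a policy you already serve, as an added example that is not R2's own code. It keeps sources inherited from `default-src`, replaces a lone `'none'`, and leaves `https://demo.docusign.net` out of production. The helper name, the choice of directives (`script-src`, `frame-src`, `connect-src`) and the sample policy are assumptions; confirm the directives against the violations your browser reports.

```javascript
// Added example, not R2's code. Source lists are copied from the table above.
const PROD_SOURCES = [
  'https://docucdn-a.akamaihd.net', 'https://na4.docusign.net',
  'https://*.amplitude.com', 'https://*.customer.io',
  'https://r2.co', 'https://*.r2capital.co',
];
const DEV_ONLY_SOURCES = ['https://demo.docusign.net']; // dev/staging only

// Parse a CSP header value into Map<directive, sources[]>.
// Per the CSP spec, a repeated directive is ignored (first one wins).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

// Hypothetical helper: add the required sources to the given directives.
// Which directives need them is an ASSUMPTION made by the caller; confirm
// against the violations the browser console reports.
function allowEmbeddedExperience(header, directives, { production = true } = {}) {
  const policy = parseCsp(header);
  const wanted = production ? PROD_SOURCES : [...PROD_SOURCES, ...DEV_ONLY_SOURCES];
  for (const directive of directives) {
    // An absent fetch directive falls back to default-src, so start from that
    // list; otherwise defining the directive would silently drop 'self' etc.
    const current = policy.get(directive) ?? policy.get('default-src');
    if (current === undefined) continue; // nothing restricts it, nothing to add
    // 'none' is only valid on its own, so it is dropped once sources are added.
    const kept = current.filter((s) => s.toLowerCase() !== "'none'");
    policy.set(directive, [...new Set([...kept, ...wanted])]);
  }
  return [...policy].map(([name, sources]) => [name, ...sources].join(' ')).join('; ');
}

// Constructed sample policy, not taken from any real site.
const existing = "default-src 'self'; script-src 'self' https://na4.docusign.net; frame-src 'none'";
console.log(allowEmbeddedExperience(existing, ['script-src', 'frame-src', 'connect-src']));
```

Host sources are ignored by browsers when a directive uses `'strict-dynamic'`, so a nonce- or hash-based `script-src` needs the scripts allowed through that mechanism instead.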