• Resolved MV

    (@mvenkadesan)


    Hi,

    I want to use the correct CSP policy, but without known unsafe elements like unsafe-inline or unsafe-eval. But for that I need to know which URLs should be allowed for connect-src, font-src, frame-src, and many other similar source tags. On my website, the only pages that use external resources are triggered by the Stripe for Woocommerce plugin, so it is related to the payment features. However, the exact resource depends on the browser and the specific options that are enabled, like Payment Request Buttons. Can you please point me to the correct set of URLs that I should allow in my CSP in order to not break payments and still conform to modern security standards?

    Thank you!

Viewing 1 replies (of 1 total)
  • The topic ‘Correct Content Security Policy (CSP) to use?’ is closed to new replies.