A Content Security Policy (CSP) is a security feature that helps protect websites from security threats and vulnerabilities. It does this by specifying the type of content (e.g. scripts, images, videos) that can be loaded on a website, and from which sources they can be loaded. This helps mitigate certain types of malicious attacks, such as cross-site scripting (XSS), clickjacking, and data injection attacks.
If you have a CSP implemented, you'll need to add a directive that allows files to be loaded from Userled in order to allow the Userled script to work on your website.
Setting up your CSP for Userled
If your organization requires CSP restrictions, we recommend the settings below.
script-src https://*.userledclient.io https://*.userled.io
connect-src https://*.userled.io wss://*.userled.io
frame-src https://*.userledclient.io
img-src *.userled.io *.imageboss.me *.clearbit.com *.unsplash.com *.brandfetch.io
For the img-src policy, Userled gives you access to a couple of publicly available APIs in order to gain access to a richer media library for images and company logos.
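If your site already sends a CSP, the Userled sources have to be merged into it rather than pasted in as new directives: a newly added directive replaces the default-src fallback for that resource type, and 'none' cannot sit next to other sources. The following is an added example, not Userled's own code; the function names and the sample policy are assumptions made for illustration.

```javascript
// Sources requested by the Userled settings on this page, per directive.
const USERLED_SOURCES = {
  "script-src": ["https://*.userledclient.io", "https://*.userled.io"],
  "connect-src": ["https://*.userled.io", "wss://*.userled.io"],
  "frame-src": ["https://*.userledclient.io"],
  "img-src": ["*.userled.io", "*.imageboss.me", "*.clearbit.com",
              "*.unsplash.com", "*.brandfetch.io"],
};

// Parse "name src src; name src" into a Map that keeps directive order.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so keep only the first one.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Sources a browser would apply if `name` is absent (fallback chain).
function fallbackSources(directives, name) {
  const chain = name === "frame-src" ? ["child-src", "default-src"] : ["default-src"];
  const found = chain.find((d) => directives.has(d));
  return found === undefined ? undefined : [...directives.get(found)];
}

// Add the Userled sources without dropping or loosening existing ones.
function mergeUserledCsp(existingPolicy) {
  const directives = parseCsp(existingPolicy);
  for (const [name, required] of Object.entries(USERLED_SOURCES)) {
    // A newly added directive replaces the fallback, so start from it.
    let sources = directives.get(name) ?? fallbackSources(directives, name);
    // No directive and no fallback: this type is unrestricted already.
    if (sources === undefined) continue;
    // 'none' is only valid alone; drop it before adding hosts.
    sources = sources.filter((s) => s.toLowerCase() !== "'none'");
    for (const src of required) if (!sources.includes(src)) sources.push(src);
    directives.set(name, sources);
  }
  return [...directives].map(([n, s]) => [n, ...s].join(" ")).join("; ");
}

// Constructed sample policy, not taken from any real site.
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' 'nonce-abc123'; frame-src 'none'";
console.log(mergeUserledCsp(SAMPLE_POLICY));
```

Running the merge a second time on its own output returns the same policy, so it is safe to apply in a deployment step that may run repeatedly.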
If you have any questions, we're here to help! Please feel free to contact us at any time, either through our Slack Community or via support@userled.io.