1. Home
  2. Developers
  3. Advanced topics
  4. Content Security Policy (CSP)

Content Security Policy (CSP)


Content Security Policy (CSP) refers to an extra layer of security to prevent attacks such as Cross Site Scripting (XSS).

To correctly display content coming from Blue Billywig, you might need to reconfigure your server to return the correct Content-Security-Policy HTTP response header.

The following example adds your Blue Billywig publication as a trusted subdomain when content is embedded in an iframe (indentations and hard returns are added to increase readability):

content-security-policy: 
    style-src 'self' 'unsafe-inline'; 
    frame-src MYPUBLICATION.bbvms.com; 
    default-src 'self';
Note:

JavaScript / Launchpad embedded content involves more specific values to reconfigure your CSP response header, which makes it challenging to present a general template. Please contact your account manager or support@bluebillywig.com for more assistance.

Updated on January 14, 2021

Was this article helpful?

Related Articles