All the Minerva domains to allow in your CSP
A Content Security Policy (CSP) is a security mechanism for modern browsers that can restrict capabilities on a web page in order to protect end users from a range of possible injection attacks, including cross-site scripting (XSS).
This article identifies the required CSP directives to allow full Minerva SDK functionality.
The following are required if your CSP defines an allowed list of domains for a particular directive.
For example, if your CSP defines a directive of “script-src https:”, then you do not need to specify the “*.minervaknows.com” hosts because “https:” is a more generic value. Also, if your CSP defines a particular directive (e.g., connect-src), then please include the Minerva domain(s) to ensure continued SDK functionality.
We aim to promote best practices for the modern web, so our goal is to support full Minerva SDK functionality with a strict CSP.
Adopting a CSP is a great way to add a layer of security to your web applications. If you need help with your CSP and the Minerva SDK, send us a message. We’re happy to help!