Skip to main content

Using the Sleekplan Widget with Content Security Policy (CSP)

All Sleekplan domains you'll need to allow in your CSP.

Updated over a year ago

Content Security Policy (CSP) is a security mechanism that helps protect against content injection attacks, such as Cross Site Scripting (XSS). Here are relevant directives you'll need to add for Sleekplan to function correctly:

script-src
'unsafe-inline'
blob:
https://api-client.sleekplan.com
https://client.sleekplan.com
https://storage.sleekplan.com

style-src
'unsafe-inline'
https://client.sleekplan.com
https://storage.sleekplan.com

connect-src
https://api-client.sleekplan.com
https://ingest.sleekplan.com
https://storage.sleekplan.com

font-src
https://storage.sleekplan.com

frame-src
'self'

img-src
blob:
data:
https://client.sleekplan.com
https://storage.sleekplan.com

Sleekplan not yet fully supports Google strict CSPv3

Did this answer your question?