Skip to main content
All CollectionsInstalling Sleekplan
Using the Sleekplan Widget with Content Security Policy (CSP)
Using the Sleekplan Widget with Content Security Policy (CSP)

All Sleekplan domains you'll need to allow in your CSP.

Updated over 7 months ago

Content Security Policy (CSP) is a security mechanism that helps protect against content injection attacks, such as Cross Site Scripting (XSS). Here are relevant directives you'll need to add for Sleekplan to function correctly:

script-src
'unsafe-inline'
blob:
https://api-client.sleekplan.com
https://client.sleekplan.com
https://storage.sleekplan.com

style-src
'unsafe-inline'
https://client.sleekplan.com
https://storage.sleekplan.com

connect-src
https://api-client.sleekplan.com
https://ingest.sleekplan.com
https://storage.sleekplan.com

font-src
https://storage.sleekplan.com

frame-src
'self'

img-src
blob:
data:
https://client.sleekplan.com
https://storage.sleekplan.com

Sleekplan not yet fully supports Google strict CSPv3

Did this answer your question?