Content security policy (CSP)
Configuring Content Security Policies for Promolayer
Overview
Content Security Policy (CSP) is an important security feature that helps to detect and mitigate certain types of attacks, including cross-site scripting (XSS) and data injection attacks. To ensure that Promolayer functions correctly on your site, specific domains need to be allowed through your CSP. This guide outlines how to update your CSP to include these domains.
Domains to be Included
For all Promolayer features to work as expected, you can either allow all subdomains for broader coverage or specify individual subdomains for tighter security.
Option 1: Allow All Subdomains (Recommended for Simplicity)
Add the following wildcard domains to your CSP:
*.peakdigital.cloud
*.promolayer.io
*.promolayer-images.b-cdn.net
Option 2: Specify Individual Domains (For Tighter Security)
If you prefer to specify individual domains, include these in your CSP:
geoip.peakdigital.cloud
a.promolayer.io
displayscdn.promolayer.io
modules.promolayer.io
promolayer-images.b-cdn.net
scripts.promolayer.io
api.promolayer.io
Instructions for Updating Your CSP
Step 1: Identify Your CSP Location
Your CSP is typically defined within the <meta> tags of your HTML documents or through HTTP headers managed by your web hosting provider.
Step 2: Update Your CSP
If you are using a <meta> tag for your CSP, modify the content attribute like this, choosing the appropriate option based on your domain inclusion preference:
<!-- Option 1: Wildcard Domains -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' *.peakdigital.cloud *.promolayer.io *.promolayer-images.b-cdn.net;">
<!-- Option 2: Specific Domains -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' scripts.promolayer.io; connect-src 'self' api.promolayer.io; img-src 'self' promolayer-images.b-cdn.net; frame-src 'self' modules.promolayer.io; style-src 'self' displayscdn.promolayer.io; child-src 'self' a.promolayer.io;">
Step 3: Validate Your CSP
Test your application to ensure that all aspects of Promolayer function as expected. You can monitor for any CSP violations using the console in browsers like Google Chrome or Mozilla Firefox, which log these issues.
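To complement the browser console check in Step 3, the following added example (not Promolayer's code) parses a policy string and lists which hosts from the Option 2 list are covered by no directive. It applies CSP host matching, under which a "*." wildcard covers subdomains but not the bare domain. The function names are illustrative, and the check only confirms that a host appears in some directive, not that it is the directive Promolayer needs for that host.

```javascript
// Added example, not Promolayer code. Hosts and policies are copied from this guide.
const REQUIRED_HOSTS = [
  "geoip.peakdigital.cloud", "a.promolayer.io", "displayscdn.promolayer.io",
  "modules.promolayer.io", "promolayer-images.b-cdn.net",
  "scripts.promolayer.io", "api.promolayer.io",
];
const OPTION_1 = "default-src 'self' *.peakdigital.cloud *.promolayer.io " +
  "*.promolayer-images.b-cdn.net;";
const OPTION_2 = "default-src 'self'; script-src 'self' scripts.promolayer.io; " +
  "connect-src 'self' api.promolayer.io; img-src 'self' promolayer-images.b-cdn.net; " +
  "frame-src 'self' modules.promolayer.io; style-src 'self' displayscdn.promolayer.io; " +
  "child-src 'self' a.promolayer.io;";

// Split "name src src; name src" into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A directive that appears twice is ignored the second time.
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// Host-part matching only: scheme, port and path are dropped (a simplification).
function sourceMatchesHost(source, host) {
  if (source.startsWith("'")) return false; // keywords like 'self' name no external host
  const pattern = source.toLowerCase()
    .replace(/^[a-z][a-z0-9+.-]*:\/\//, "")
    .replace(/[:\/].*$/, "");
  const h = host.toLowerCase();
  if (pattern === "*") return true;
  // "*.example.com" matches sub.example.com but not example.com itself.
  if (pattern.startsWith("*.")) return h.endsWith(pattern.slice(1));
  return pattern === h;
}

// Hosts that no directive in the policy lists.
function uncoveredHosts(policy, hosts = REQUIRED_HOSTS) {
  const sourceLists = [...parseCsp(policy).values()];
  return hosts.filter(
    (host) => !sourceLists.some((list) => list.some((s) => sourceMatchesHost(s, host)))
  );
}

console.log("Option 1 uncovered:", uncoveredHosts(OPTION_1));
console.log("Option 2 uncovered:", uncoveredHosts(OPTION_2));
```

Run against the two sample policies from Step 2, it reports promolayer-images.b-cdn.net as uncovered under Option 1 (the wildcard does not match the bare host) and geoip.peakdigital.cloud as uncovered under Option 2. Watch the browser console for violations involving those two hosts in particular.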
Updated on: 24/04/2024