Dealing with Content Security Policies

Content security policies

A content security policy (CSP) is a security feature used to help protect websites and web apps from malicious attacks such as content injection and cross-site scripting (XSS). A CSP is essentially a set of rules that restricts, or green-lights, what content is allowed to load onto your app or website. If you're using CSPs in your app or website, you need to whitelist Command AI to ensure it works correctly.

Setting up content security policies for Command AI

If your web app uses a Content Security Policy to protect your users from XSS vulnerabilities, you'll need to whitelist our third-party JavaScript for Command AI to function correctly.

Here is the minimal set of CSP rules needed to get up and running with Command AI:

script-src https://*.command.ai;
frame-src https://*.command.ai;
img-src https://*.command.ai;
media-src https://*.command.ai;
connect-src https://*.command.ai;
style-src https://*.command.ai;

Add these to your content security policies to ensure Command AI works.
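
The following is an added example, not code from Command AI: one way to merge the rules above into a policy you already serve without loosening or breaking it. The helper names are hypothetical, and it assumes the existing policy does not use `'strict-dynamic'`, `script-src-elem` or `style-src-elem`.

```javascript
// Added example (not Command AI's code): merge the Command AI source into an existing CSP.
const COMMAND_AI_SOURCE = "https://*.command.ai"; // host from the rules on this page
const DIRECTIVES = ["script-src", "frame-src", "img-src", "media-src", "connect-src", "style-src"];
// frame-src falls back to child-src before default-src; the others fall back to default-src.
const FALLBACKS = { "frame-src": ["child-src", "default-src"] };

// Parse "name v1 v2; name2 v3" into a Map of directive name -> source list.
function parseCsp(policy) {
  const map = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so only the first occurrence counts.
    if (!map.has(name)) map.set(name, tokens.slice(1));
  }
  return map;
}

// Return the source list a missing directive currently inherits, or null if none.
function inheritedSources(map, name) {
  for (const fallback of FALLBACKS[name] || ["default-src"]) {
    if (map.has(fallback)) return map.get(fallback);
  }
  return null;
}

// mergeCommandAi is a hypothetical helper name, not part of any Command AI SDK.
function mergeCommandAi(policy) {
  const map = parseCsp(policy);
  for (const name of DIRECTIVES) {
    let sources = map.get(name);
    if (!sources) {
      // Declaring a directive replaces its fallback, so start from what it inherited.
      // With nothing to inherit the resource type is unrestricted: leave it alone.
      sources = inheritedSources(map, name);
      if (!sources) continue;
    }
    // 'none' is only valid on its own, so drop it once a real source is listed.
    sources = sources.filter((s) => s.toLowerCase() !== "'none'");
    if (!sources.includes(COMMAND_AI_SOURCE)) sources.push(COMMAND_AI_SOURCE);
    map.set(name, sources);
  }
  return [...map].map(([name, sources]) => [name, ...sources].join(" ")).join("; ");
}
```

Run the merged string through your usual CSP review before deploying it, since the wildcard host is added to every directive listed on this page.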