Skip to main content

Updating my content security policy to make sure ads are still visible

Ryan Kretch

Hey team,

I am trying to increase the security of my next.js app (thanks to an audit where I found out Defence against cross-site scripting attacks is not implemented). Currently if I implement this code below, my journey ads/grow widgets do not appear. Do you know what url I should add and where to make sure that they continue to show up when this is in place? 

const ContentSecurityPolicy = `
  default-src 'self';
  script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app;
  style-src 'self' 'unsafe-inline' fonts.googleapis.com;
  img-src * blob: data:;
  media-src 'none';
  connect-src *;
  font-src 'self' fonts.gstatic.com;
  frame-src giscus.app https://www.youtube.com https://player.vimeo.com https://maps.google.com https://www.google.com/maps/ https://calendar.google.com https://open.spotify.com https://www.instagram.com https://www.tiktok.com;
`
0

Comments

0 comments

Journey is Self Supported

Our support staff is monitoring this forum everyday for bugs related to ad delivery, the display and functionality of the Journey dashboard, and any bugs related to the onboarding process. We are typically unable to assist with non-bug related issues like RPM performance expectations, issues setting up the ads.txt file, and questions already answered by our existing help docs. Read here for a more detailed breakdown of how Journey is self-supported and our recommendations for how to find answers to common issues.

Please sign in to leave a comment.

Powered by Zendesk