Use Djaty Javascript SDK with a Content Security Policy

Content Security Policy (CSP) is a widely supported Web security standard intended to prevent certain types of injection-based attacks by providing a standard method for declaring allowed content origins. If you use a CSP, use this guide to understand how to configure Djaty Javascript SDK to work with your CSP implementation.

To use Djaty Javascript SDK on a page with a Content Security Policy, the CSP must allow the Djaty Javascript SDK snippet to execute. The snippet is inline JavaScript that injects the other Djaty core scripts, so 'unsafe-inline' must be added to the CSP’s script-src directive.

Djaty Javascript SDK can be enabled with the following directive:

script-src 'self' 'unsafe-inline';
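
The following check is an added example, not part of the Djaty SDK or its documentation: given a policy string, it reports whether an inline script such as the SDK snippet would be allowed to run. It is a simplified model of the CSP Level 3 source-list rules, with function names and sample policies constructed for illustration, and it covers the case where a nonce or hash in the same directive makes browsers ignore 'unsafe-inline'.

```javascript
// Added example (not Djaty code): report whether a CSP lets an inline <script> run.
// Simplified model of the CSP Level 3 source-list rules.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; only its first occurrence counts.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function inlineScriptStatus(policy) {
  const directives = parseCsp(policy);
  // Inline <script> elements: script-src-elem, else script-src, else default-src.
  const governing = ['script-src-elem', 'script-src', 'default-src']
    .find((name) => directives.has(name));
  if (!governing) return { status: 'allowed', governing: null };

  const sources = directives.get(governing);
  const hasNonceOrHash = sources.some((s) => /^'(nonce|sha256|sha384|sha512)-/i.test(s));
  const hasStrictDynamic = sources.some((s) => s.toLowerCase() === "'strict-dynamic'");
  const hasUnsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");

  // A nonce, hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
  if (hasNonceOrHash || hasStrictDynamic) return { status: 'needs-nonce-or-hash', governing };
  return { status: hasUnsafeInline ? 'allowed' : 'blocked', governing };
}

// Constructed sample policies, not taken from any real site.
const samples = [
  "script-src 'self' 'unsafe-inline'",
  "default-src 'self'",
  "script-src 'self' 'unsafe-inline' 'nonce-r4nd0m'",
  "default-src 'self'; script-src: 'self' 'unsafe-inline'", // colon makes the name unrecognized
];
for (const policy of samples) {
  console.log(inlineScriptStatus(policy).status.padEnd(20), policy);
}
```

A result of needs-nonce-or-hash means the policy already uses nonces or hashes, so adding 'unsafe-inline' alone will not let the snippet run.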