Content Security Policy (CSP) is a set of security rules that helps to prevent data injection, cross-site scripting (XSS) and click-jacking on user interfaces such as the TAP Feed. CSP defines the sources from which resources can be used.
Without CSP, malicious actors could deface your TAP Feed or enable other content to be shown inside the iFrame.
With CSP, we only allow your TAP Feed to be accessed from pre-defined domain names.
What do you need to do?
Go to the TAP Feed settings section of your Admin Dashboard
Enter the domain on which your TAP Feed will sit, for example 'https://yourdomain.com'.
It's important to note that if you expect the TAP Feed to display both on a domain containing the subdomain of 'www.' and one without, please ensure both domains are added in.
Most websites will automatically auto-redirect whether the www. subdomain is added or not, but if this does not happen on your website, please add in both domains to your dashboard settings.
3. Click 'save'
4. Embed your TAP Feed on a web page at the defined domain. Your TAP Feed can only be loaded from the domain(s) specified in the dashboard.
The following error will appear if the TAP Feed is embedded on a web page outside of the defined domain.
Typically, once the domain at which your TAP Feed will sit has been added, it will take up to five minutes for the CSP to update. If you have visited this page in the last 24 hours, please kindly clear the cache or wait until the previous page’s cache expires.
If you have any questions at all, please get in touch via: firstname.lastname@example.org 😊