Content Security Policy for Safari Browser

The Safari browser has the most restrictive CORS policy interpretation. The embedded elements will sometimes work with other browsers like Firefox, Chrome, Edge, Brave with no issues, but trying to run it on a Safari browser might result in the below error message.

11201120

For such instances, please check the Console log under Developer Tools. If a message related to a CORS policy error is seen:

12641264

Below is a complete set of content security policy rules that would be required in HTTP header format to set up the Content Security Policy

Content-Security-Policy: script-src https://sdk.joinsherpa.io
Content-Security-Policy: style-src https://sdk.joinsherpa.io
Content-Security-Policy: frame-ancestors https://sdk.joinsherpa.io
Content-Security-Policy: frame-src https://apps.joinsherpa.io
Content-Security-Policy: frame-src https://sherpa-widget.joinsherpa.io
Content-Security-Policy: connect-src https://requirements-api.joinsherpa.com
Content-Security-Policy: img-src https://cdn.joinsherpa.io
Content-Security-Policy: style-src https://cdn.joinsherpa.io


Did this page help you?