Content Security Policy for Safari Browser
The Safari browser has the most restrictive CORS policy interpretation. The embedded elements will sometimes work with other browsers like Firefox, Chrome, Edge, Brave with no issues, but trying to run it on a Safari browser might result in the below error message.
For such instances, please check the Console log under Developer Tools. If a message related to a CORS policy error is seen:
Below is a complete set of content security policy rules that would be required in HTTP header format to set up the Content Security Policy
Content-Security-Policy: script-src https://sdk.joinsherpa.io
Content-Security-Policy: style-src https://sdk.joinsherpa.io
Content-Security-Policy: frame-ancestors https://sdk.joinsherpa.io
Content-Security-Policy: frame-src https://apps.joinsherpa.io
Content-Security-Policy: frame-src https://sherpa-widget.joinsherpa.io
Content-Security-Policy: connect-src https://requirements-api.joinsherpa.com
Content-Security-Policy: img-src https://cdn.joinsherpa.io
Content-Security-Policy: style-src https://cdn.joinsherpa.io
Updated almost 3 years ago