Content Security Policy for Safari Browser

The Safari browser has the most restrictive CORS policy interpretation. The embedded elements will sometimes work with other browsers like Firefox, Chrome, Edge, Brave with no issues, but trying to run it on a Safari browser might result in the below error message.


For such instances, please check the Console log under Developer Tools. If a message related to a CORS policy error is seen:


Below is a complete set of content security policy rules that would be required in HTTP header format to set up the Content Security Policy

Content-Security-Policy: script-src
Content-Security-Policy: style-src
Content-Security-Policy: frame-ancestors
Content-Security-Policy: frame-src
Content-Security-Policy: frame-src
Content-Security-Policy: connect-src
Content-Security-Policy: img-src
Content-Security-Policy: style-src