Background
From RMJ 9.2.10 onward, an extra layer of security has been added by Content-Security-Policy headers that block external scripts. Due to this Extension Points which display external content might now display like
With a text like "This content has been blocked. Please contact the site owner to resolve the issue."
Within Browser Development tools you will see following on the Console tab
"Content-Security-Policy: The page's settings blocked the loading of a resource ..."
Instruction
To allow content from an external websites in your Extension Point, edit Configuration > Extension Points > [name] and add a csp tag at the end of the Deployment Descriptor, i.e. like this
<csp>
<directive name="default-src 'self' data:">
<source>https://externalhost.com</source>
</directive>
</csp>
To verify whether the additional content-security-policy is active, you can use the Browser Development tools > Network tab
Comments
0 comments
Please sign in to leave a comment.