How CSP improves the security of your Feed.
Content Security Policy (CSP) is a set of security rules that helps to prevent data injection, cross-site scripting (XSS) and click-jacking on user interfaces such as your Feed. CSP defines the sources from which resources can be used.
Without CSP, malicious actors could deface your Feed or enable other content to be shown inside the iFrame.
With CSP, we only allow your Feed to be accessed from pre-defined domain names.
What do you need to do?
1. Go to the Feed settings section of your Admin Dashboard
2. Enter the domain on which your Feed will sit, for example 'https://yourdomain.com'.
If you expect the Feed to be displayed both on the 'www.' version of your domain and on the version without it, please make sure both domains are added.
For example:
"https://theambassadorplatform.com" and "https://www.theambassadorplatform.com".
Most websites redirect automatically whether or not the www. subdomain is included, but if this does not happen on your website, please add both domains to your dashboard settings.
3. Click 'save'
4. Embed the iFrame code on a web page at the defined domain. Your Feed can only be loaded from the domain(s) specified in the dashboard.
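Why both the 'www.' and bare domains need to be entered, shown as an added example (not code from the platform). It assumes the restriction behaves like a CSP `frame-ancestors` allowlist of exact origins, which this page does not state; the function names and the `/students` page path are hypothetical.

```javascript
// Assumption: the Feed's embed restriction works like a CSP `frame-ancestors`
// allowlist of full origins (scheme + host + port). Wildcards and nested
// frames are out of scope for this sketch.

// Normalise a dashboard entry such as 'https://yourdomain.com/' to an origin.
function toOrigin(entry) {
  const url = new URL(entry.trim());
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new Error(`unsupported scheme in ${entry}`);
  }
  return url.origin; // drops path, query and fragment; lowercases the host
}

// Build the directive value from the list of domains entered in the dashboard.
function buildFrameAncestors(entries) {
  const origins = [...new Set(entries.map(toOrigin))];
  return `frame-ancestors ${origins.join(' ')}`;
}

// Would a page at pageUrl be allowed to embed the Feed under this policy?
function canEmbed(policy, pageUrl) {
  const [name, ...sources] = policy.trim().split(/\s+/);
  if (name !== 'frame-ancestors') return false;
  // Exact origin comparison: 'www.' is a different host, http a different scheme.
  return sources.includes(new URL(pageUrl).origin);
}

// Constructed sample: only the bare domain was entered.
const bareOnly = buildFrameAncestors(['https://theambassadorplatform.com']);
// Constructed sample: both variants entered, as recommended above.
const both = buildFrameAncestors([
  'https://theambassadorplatform.com',
  'https://www.theambassadorplatform.com/',
]);

console.log(bareOnly);
console.log(canEmbed(bareOnly, 'https://www.theambassadorplatform.com/students')); // false
console.log(canEmbed(both, 'https://www.theambassadorplatform.com/students'));     // true
```
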
Troubleshooting
The following error will appear if the Feed is embedded on a web page outside of the defined domain.
Typically, once the domain at which your Feed will sit has been added, it will take up to five minutes for the CSP to update. If you have visited this page in the last 24 hours, please clear the cache or wait until the previous page’s cache expires.
If you have any questions at all, please get in touch via: support@theambassadorplatform.com 😊