logo
Userlike Guide
/
Setup
/
Widget Integration

Content Security Policy

Intro
Content Security Policy (CSP) ist ein Sicherheitskonzept, um Cross-Site-Scripting und andere Angriffe durch Einschleusen von Daten in Webseiten zu verhindern.
Falls Sie CSP auf Ihrer Webseite einsetzen, müssen Sie eine der folgenden Regeln hinzufügen, um Userlike nutzbar zu machen.
Regel mit Laden von Schriftarten
Benutzen Sie diese CSP-Regel, wenn Sie planen, individuelle Web-Schriftarten im Website Messenger einzusetzen.
javascript
child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net blob:;
connect-src wss://umd.userlike.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com blob:;
font-src data: userlike-cdn-umm.b-cdn.net fonts.gstatic.com;
frame-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com;
img-src data: userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com;
media-src userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:;
object-src 'none';
script-src 'self' 'unsafe-inline' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net
Regel ohne Laden von Schriftarten
Benutzen Sie diese CSP-Regel, wenn Sie planen, Systemschriftarten im Website Messenger einzusetzen.
javascript
child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net blob:;
connect-src wss://umd.userlike.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com blob:;
frame-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com;
img-src data: userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com;
media-src userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:;
object-src 'none';
script-src 'self' 'unsafe-inline' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net
👉🏻
read this article in English: https://docs.userlike.com/setup/integration/content-security-policy
Google Tag Manager
WordPress
Powered by Notaku
Imprint/Impressum
Share