logo
Introdução
A Política de Segurança de Conteúdo (CSP) é um conceito de segurança para evitar ataques de Cross-Site-Scripting e outros ataques por meio da inserção de dados em sites da web.
Se você estiver usando o CSP em seu site, precisará adicionar uma das seguintes regras para tornar o Userlike utilizável.
Regra com carregamento de fontes
Use esta regra CSP se planeja usar fontes da web personalizadas no Website Messenger.
javascript
child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net blob:;
connect-src wss://umd.userlike.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com blob:;
font-src data: userlike-cdn-umm.b-cdn.net fonts.gstatic.com;
frame-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com;
img-src data: userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com;
media-src userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:;
object-src 'none';
script-src 'self' 'unsafe-inline' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net
Regra sem carregamento de fontes
Use esta regra CSP se planeja usar fontes do sistema no website Messenger.
javascript
child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net blob:;
connect-src wss://umd.userlike.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com blob:;
frame-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com;
img-src data: userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com;
media-src userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:;
object-src 'none';
script-src 'self' 'unsafe-inline' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net
👉🏻
read this article in English: https://docs.userlike.com/setup/integration/content-security-policy
Google Tag Manager
WordPress
Powered by Notaku
Imprint/Impressum
Share