Skip to main content

Content Security Policy

The IDaaS Auth SDK will send API requests to your IDaaS tenant. You will need to ensure your Content Security Policy is updated to include your IDaaS tenant hostname as an allowed connection source. For more information regarding CSP, see the MDN Content Security Policy documentation.

The preferred way to define the CSP is to include it in the HTTP Response Header that delivers the HTML document.

The following is an example to be accepted in your Content Security Policy. Replace entrust.us.trustedauth.com with your IDaaS tenant hostname.

connect-src 'entrust.us.trustedauth.com'
note

You may want to replace the wild cards (*) with your full hostname.