Adjusting Your Content Security Policy (CSP) Setting

Content Security Policies (CSPs) are rules that websites use to control what content can be loaded and run in your browser. For most websites, the CSP will allow scripts and styles only from the website's own domain and from trusted third-party tools.

If you encounter issues related to your website's Content Security Policies, the best person to contact is your web developer or the individual responsible for managing your website. They will be able to assess the specific requirements of your server and make the necessary changes to resolve any CSP-related problems.

As every server is unique, Mida cannot provide further assistance in fixing these issues. It is recommended that you reach out to your web developer or website manager, as they have the expertise and knowledge required to address CSP concerns effectively.

Choose which CSP settings to adjust

If you are using a default CSP then adding the below to your default-src rules will be sufficient.

The "..." in the examples below is a placeholder for any existing rules you might have in place:

default-src ... https://*.mida.so 'unsafe-inline'

If you want stricter restrictions we would recommend the template below to ensure that your policies will be more future-proof. Here's an example of what that would look like:

img-src ... https://*.mida.so

script-src ... https://*.mida.so 'unsafe-inline'

connect-src ... https://*.mida.so

font-src ... https://*.mida.so

style-src ... https://*.mida.so 'unsafe-inline'

If your CSPs require more granularity then here are the absolute minimum security allowances that you need to add to your web-server to allow Mida to function properly on your site:

img-src ... https://cdn.mida.so

script-src ... https://cdn.mida.so 'unsafe-inline'

connect-src ... https://*.mida.so

font-src ... https://cdn.mida.so

style-src ... https://cdn.mida.so 'unsafe-inline'