What is Content Security Policy (CSP)?
CSP is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. It is important to be protected against these threats, as they could compromise the integrity of your data or leave your customers exposed to the risk of fraud.
For further information on CSP, you can refer to the Mozilla documentation:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
If CSP has been configured as part of your solution, your CSP definition should include the following:
- default-src 'none';
- script-src 'self' 'unsafe-inline' https://*.securetrading.net https://*.google-analytics.com https://pay.google.com https://*.secure.checkout.visa.com https://secure.checkout.visa.com https://*.cardinalcommerce.com;
- connect-src 'self' https://*.sentry.io https://*.cardinalcommerce.com;
- img-src 'self' https://*.google-analytics.com data: https://*.gstatic.com https://*.vims.visa.com https://*.secure.checkout.visa.com https://secure.checkout.visa.com;
- font-src 'self' https://*.gstatic.com;
- frame-src 'self' https://*.trustpayments.com https://*.securetrading.net https://*.secure.checkout.visa.com https://secure.checkout.visa.com https://*.cardinalcommerce.com https://pay.google.com https://thm.visa.com;
- style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
- form-action 'self' https://*.cardinalcommerce.com https://*.securetrading.net;
- base-uri 'self'
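As an added check, not code from this page or from Trust Payments, the following Python parses a Content-Security-Policy header value and reports which of the directives and sources listed above are missing; an absent directive counts as missing everything, because with default-src 'none' it would fall back to blocking those hosts entirely.

```python
# Added example, not code from the Trust Payments page: parse a CSP header
# value and report which of the sources listed above are missing.

# The directives and source expressions the page lists, copied verbatim.
REQUIRED = {
    "default-src": {"'none'"},
    "script-src": {"'self'", "'unsafe-inline'", "https://*.securetrading.net",
                   "https://*.google-analytics.com", "https://pay.google.com",
                   "https://*.secure.checkout.visa.com",
                   "https://secure.checkout.visa.com", "https://*.cardinalcommerce.com"},
    "connect-src": {"'self'", "https://*.sentry.io", "https://*.cardinalcommerce.com"},
    "img-src": {"'self'", "https://*.google-analytics.com", "data:",
                "https://*.gstatic.com", "https://*.vims.visa.com",
                "https://*.secure.checkout.visa.com", "https://secure.checkout.visa.com"},
    "font-src": {"'self'", "https://*.gstatic.com"},
    "frame-src": {"'self'", "https://*.trustpayments.com", "https://*.securetrading.net",
                  "https://*.secure.checkout.visa.com", "https://secure.checkout.visa.com",
                  "https://*.cardinalcommerce.com", "https://pay.google.com",
                  "https://thm.visa.com"},
    "style-src": {"'self'", "'unsafe-inline'", "https://fonts.googleapis.com"},
    "form-action": {"'self'", "https://*.cardinalcommerce.com", "https://*.securetrading.net"},
    "base-uri": {"'self'"},
}


def parse_csp(header):
    """Split a Content-Security-Policy value into {directive: set(sources)}.
    Directives are ';'-separated and the first token names the directive
    (case-insensitive). A repeated directive keeps its first occurrence,
    as browsers do, which setdefault reproduces."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), set(tokens[1:]))
    return policy


def missing_sources(header):
    """Return {directive: sorted missing sources} for each required entry the
    header lacks. An absent directive counts as missing all of its sources:
    with default-src 'none' it would fall back to blocking those hosts."""
    policy = parse_csp(header)
    gaps = {}
    for directive, wanted in REQUIRED.items():
        lacking = wanted - policy.get(directive, set())
        if lacking:
            gaps[directive] = sorted(lacking)
    return gaps
```

The page requires 'unsafe-inline' in script-src and style-src, so the checker treats it as required rather than as a finding; be aware that it permits any inline script to run, which gives weaker XSS protection than a nonce- or hash-based policy.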