If you have established a Content Security Policy for your website, the Trustbadge® and the Trustcard, or the eTrusted Control Centre, may not display correctly. This guide explains how to adapt your Content Security Policy so that they work again.
What is a Content Security Policy?
Content Security Policy (CSP) is a security mechanism for websites that is intended above all to prevent cross-site scripting attacks. In a cross-site scripting attack, malicious code injected into a website is executed by the browsers of the website's visitors.
To prevent such attacks, the browser refuses to load any resource that the Content Security Policy does not explicitly allow. With a Content Security Policy you therefore define which types of content may be loaded from which sources in your website visitors' browsers.
Adapting Content Security Policy
In order for your Trusted Shops products to function correctly, they must be able to load data from Trusted Shops domains. To do this, adapt your Content Security Policy.
General Content Security Policy
If you use a general Content Security Policy (one that only sets default-src), adjusting your default-src directive is enough. Add the following sources to your default-src directive:
default-src https://*.trustedshops.com http://*.trustedshops.com data: 'unsafe-inline';
More specific Content Security Policy
If your Content Security Policy has its own directives for content types such as images, fonts or JavaScript, add the following sources to the corresponding directives:
img-src https://*.trustedshops.com http://*.trustedshops.com data:;
script-src https://*.trustedshops.com http://*.trustedshops.com 'unsafe-inline';
font-src https://*.trustedshops.com http://*.trustedshops.com data:;
connect-src https://*.trustedshops.com http://*.trustedshops.com https://*.etrusted.com http://*.etrusted.com https://*.trustbadge.com http://*.trustbadge.com;
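The two cases above (a general policy with only default-src, or a policy with separate directives per content type) differ only in which directive the sources must be added to, because a fetch directive that is absent falls back to default-src. The following Python script is an added example and not part of the article or of the Trusted Shops products: it parses an existing Content-Security-Policy header, reports which of the sources listed in the article the browser would still block, and produces an updated header. The sample header and the fallback rule it uses are constructed for the example; the source lists are those given in the article. It goes a little beyond the article in one respect: where a directive such as font-src is absent, it creates that directive from a copy of default-src instead of widening default-src itself.

```python
"""Check a Content-Security-Policy header against the sources the
Trusted Shops integration needs and add only what is missing,
directive by directive."""

from collections import OrderedDict

# Source lists taken from the article, grouped by directive.
REQUIRED_SOURCES = {
    "img-src": ["https://*.trustedshops.com", "http://*.trustedshops.com", "data:"],
    "script-src": ["https://*.trustedshops.com", "http://*.trustedshops.com", "'unsafe-inline'"],
    "font-src": ["https://*.trustedshops.com", "http://*.trustedshops.com", "data:"],
    "connect-src": ["https://*.trustedshops.com", "http://*.trustedshops.com",
                    "https://*.etrusted.com", "http://*.etrusted.com",
                    "https://*.trustbadge.com", "http://*.trustbadge.com"],
}

# Fetch directives that are absent inherit the sources of default-src.
FETCH_FALLBACK = "default-src"


def parse_csp(header):
    """Split a CSP header into an ordered {directive: [sources]} map.
    Directives are separated by ';'; the first whitespace-separated token
    is the directive name, the remaining tokens are its source expressions."""
    policy = OrderedDict()
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        sources = policy.setdefault(name, [])
        for src in tokens[1:]:
            if src not in sources:
                sources.append(src)
    return policy


def serialize_csp(policy):
    """Join a policy map back into a header value."""
    return "; ".join(" ".join([name] + sources) for name, sources in policy.items())


def effective_sources(policy, directive):
    """Sources the browser applies for a fetch directive: the directive
    itself if present, else default-src, else None (fetch type unrestricted)."""
    if directive in policy:
        return policy[directive]
    return policy.get(FETCH_FALLBACK)


def covers(allowed, src):
    """True if the allowed list already permits src. Host sources must match
    verbatim; a bare '*' or a scheme source such as 'https:' also covers
    URLs of that scheme. 'data:' and 'unsafe-inline' need an exact token."""
    if src in allowed:
        return True
    if src.startswith(("http://", "https://")):
        scheme = src.split("://", 1)[0] + ":"
        return "*" in allowed or scheme in allowed
    return False


def missing_sources(policy, required=REQUIRED_SOURCES):
    """Return {directive: [sources the policy would block]} for the
    directives the integration relies on."""
    missing = {}
    for directive, sources in required.items():
        allowed = effective_sources(policy, directive)
        if allowed is None:
            continue  # nothing restricts this fetch type, so nothing is blocked
        blocked = [s for s in sources if not covers(allowed, s)]
        if blocked:
            missing[directive] = blocked
    return missing


def add_missing(policy, required=REQUIRED_SOURCES):
    """Return a copy of the policy with the missing sources added. A directive
    that was only inherited from default-src is created from a copy of
    default-src, so default-src itself is not widened."""
    updated = OrderedDict((name, list(srcs)) for name, srcs in policy.items())
    for directive, blocked in missing_sources(policy, required).items():
        if directive not in updated:
            updated[directive] = list(updated[FETCH_FALLBACK])
        updated[directive].extend(blocked)
    return updated


# Constructed sample header for a shop that already has its own img-src and
# script-src rules but relies on default-src for fonts and connections.
SAMPLE_HEADER = ("default-src 'self'; "
                 "img-src 'self' https://cdn.example.com; "
                 "script-src 'self'")

if __name__ == "__main__":
    policy = parse_csp(SAMPLE_HEADER)
    for directive, blocked in missing_sources(policy).items():
        print(f"{directive}: would block {' '.join(blocked)}")
    print()
    print("Content-Security-Policy: " + serialize_csp(add_missing(policy)))
```

Run it with a header copied from your server's response to see which directives would block the Trusted Shops resources; the printed header is the corrected policy. Two details of the design are worth noting. First, a source is only treated as covered by a wildcard or scheme source when it is an http(s) host; `data:` and `'unsafe-inline'` are never implied by `*` or `https:` and must appear as exact tokens. Second, `'unsafe-inline'` in script-src permits every inline script on the page and so gives up much of the cross-site scripting protection described at the start of the article; the script therefore adds it only to script-src, where the article requires it, and never to default-src.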