Content Security Policy (CSP)
The Pathable platform uses Content Security Policy (CSP) to increase the security of Pathable event sites. CSP blocks non-whitelisted external libraries, widgets, and embedded content from being loaded in browsers. While this process is an effective safeguard against malicious activity, it can also block intentional integrations between the event site and 3rd party content.
There are two ways to allow 3rd party embedded content and widgets to function on custom pages. The options can be found in Admin Dashboard > Settings > Security.
- Disable CSP
  - This broad scope deactivation allows event sites to display 3rd party content and widgets. This action is not recommended as disabling CSP can allow potentially harmful HTML scripts onto your site.
  - Disabling CSP can be done by checking the box Allow external libraries to be used in the app.
- Whitelist specific domains
  - Determine which domains are needed for your external libraries, widgets, and embedded content. Add the domains to the Whitelisted domains field by using *.[domain].com
  - Note, some 3rd party providers require more than one URL to be whitelisted for a widget or embed code to function properly.
  - A maximum of 10 entries is allowed.
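One way to work out which entries a widget needs while leaving CSP enabled, shown as an added example that is not Pathable's own code: collect the URLs the browser blocked and reduce them to *.[domain] entries, capped at 10. The function names, the "last two host labels" rule, and the sample URLs are assumptions made for this illustration.

```javascript
// Added example: turn blocked resource URLs into whitelist entries.
// Assumption: the domain to whitelist is the last two host labels
// (wrong for suffixes such as co.uk; correct those entries by hand).
const MAX_ENTRIES = 10; // limit stated on this page

function toWhitelistEntry(blockedUri) {
  let host;
  try {
    host = new URL(blockedUri).hostname.toLowerCase();
  } catch {
    return null; // blockedURI can be a keyword such as "inline" or "eval"
  }
  // Skip IPv4/IPv6 literals: a wildcard domain entry cannot describe them.
  if (!host || /^[\d.]+$/.test(host) || host.includes(":")) return null;
  const labels = host.split(".").filter(Boolean);
  if (labels.length < 2) return null; // e.g. "localhost"
  return "*." + labels.slice(-2).join(".");
}

function buildWhitelist(blockedUris) {
  const unique = new Set();
  for (const uri of blockedUris) {
    const entry = toWhitelistEntry(uri);
    if (entry) unique.add(entry);
  }
  const entries = [...unique].sort();
  return {
    entries: entries.slice(0, MAX_ENTRIES), // fits in the field
    overflow: entries.slice(MAX_ENTRIES),   // needs trimming or review
  };
}

// In a browser, gather the input on the custom page with CSP still on:
//   const seen = [];
//   document.addEventListener("securitypolicyviolation",
//     (e) => seen.push(e.blockedURI));
//   // ...let the widget try to load, then: buildWhitelist(seen)

// Constructed sample input (not real Pathable or vendor data).
const sample = [
  "https://widgets.example-vendor.com/embed.js",
  "https://cdn.example-vendor.com/embed.css",
  "https://api.example-analytics.net/collect",
  "inline",
];
console.log(buildWhitelist(sample));
```

Anything returned in overflow exceeds the 10-entry limit, so review which embeds are actually required before adding entries.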
Below is the list of domains that are required for LinkedIn Insights. Required domains can change over time; please check with your Implementation Specialist if you run into any unexpected issues.
The ability to whitelist specific domains is still in development and is part of the 2.21 release.