Yes, you can use Atatus with Content Security Policy. You’ll need to add these sources to the script, image, and connect source directives of your existing CSP header:
script-src bm-rx.atatus.com
img-src bm-rx.atatus.com
connect-src bm-rx.atatus.com
If you are loading atatusjs from the CDN, you’ll need to add the CDN host to your script-src directive:
script-src dmc1acwvwny3.cloudfront.net
There are two ways to add Content Security Policy (CSP) rules to your web application:
- HTML Meta Tag
- HTTP Response Header
HTML Meta Tag
Here's an example of how you can add these directives to the <meta> tag in the <head> section of your HTML page:
<head>
<meta http-equiv="Content-Security-Policy" content="
script-src 'self' bm-rx.atatus.com dmc1acwvwny3.cloudfront.net;
img-src 'self' bm-rx.atatus.com;
connect-src 'self' bm-rx.atatus.com;
">
<title>My Page</title>
</head>
Note that you might need to add other sources as well depending on your application's needs.
HTTP Response Header
Here's an example of how you can add these directives to your website's HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: script-src 'self' bm-rx.atatus.com dmc1acwvwny3.cloudfront.net; img-src 'self' bm-rx.atatus.com; connect-src 'self' bm-rx.atatus.com;
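Merging the hosts listed above into a policy you already serve, as an added example (not Atatus's own code; `parseCsp` and `addAtatusSources` are hypothetical names). It covers the case where a directive is absent and the browser falls back to default-src, so a newly added directive has to carry the fallback's sources with it.

```javascript
// Hosts taken from this page; everything else here is illustrative.
const ATATUS_SOURCES = {
  'script-src': ['bm-rx.atatus.com', 'dmc1acwvwny3.cloudfront.net'],
  'img-src': ['bm-rx.atatus.com'],
  'connect-src': ['bm-rx.atatus.com'],
};

// Parse "name v1 v2; name2 v3" into a Map of directive -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/).filter(Boolean);
    if (!name) continue;
    const key = name.toLowerCase();
    // Browsers ignore a repeated directive, so keep the first occurrence.
    if (!directives.has(key)) directives.set(key, values);
  }
  return directives;
}

function addAtatusSources(policy, extra = ATATUS_SOURCES) {
  const directives = parseCsp(policy);
  for (const [name, hosts] of Object.entries(extra)) {
    let sources = directives.get(name);
    if (!sources) {
      // No explicit directive: the browser falls back to default-src.
      const fallback = directives.get('default-src');
      // Neither is set, so this fetch type is unrestricted; add nothing.
      if (!fallback) continue;
      // A new directive replaces the fallback, so carry its sources over.
      sources = [...fallback];
    }
    // 'none' is only valid on its own; drop it before adding hosts.
    sources = sources.filter((s) => s.toLowerCase() !== "'none'");
    for (const host of hosts) {
      if (!sources.includes(host)) sources.push(host);
    }
    directives.set(name, sources);
  }
  return [...directives].map(([n, v]) => [n, ...v].join(' ')).join('; ');
}
```

Existing nonces, hashes and other sources are left in place, and running the function on its own output changes nothing.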