Restricting the default-src of the Content Security Policy header could break the Checkout
ID: 763359
Backlog
Published on 3/2/2023 • Last update on 3/2/2023
Summary
Restricting the Content Security Policy header can prevent checkout files from loading. For example, the default-src 'self' configuration can cause files coming from vtex.com not to be loaded.
Simulation
- Set default-src of the Content Security Policy
- Try to buy something through checkout
- See the error on the console
Content Security Policy: the page's settings blocked the loading of a resource at
Workaround
Remove the header