Required content security policy

I can’t find a list of directives that need to be added to my content security policy to use sentry.io with raven.js. So far I’ve only got https://cdn.ravejs.com, but is there anything else that’s required for full operation of Sentry?

For example, both Fullstory and Intercom provide a list of the required directives:


https://www.intercom.com/help/configure-intercom-for-your-product-or-site/staying-secure/using-intercom-with-content-security-policy

Hi @ndench, you will need to add script-src: https://cdn.ravenjs.com (or wherever you’re loading the script from) and the domain present in your configured DSN (connect-src: https://sentry.io).

PR here: https://github.com/getsentry/sentry-javascript/pull/1476


That’s perfect, thanks!
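The two directives from the answer above, merged into an existing policy, as an added example that is not part of the thread or of Sentry's code. The function names, the sample policy, the DSN and the script path are constructed assumptions; it goes slightly beyond the answer by seeding a missing directive from `default-src`, so that adding `connect-src` does not drop sources the page already relied on.

```javascript
'use strict';

// https origin of a URL; URL.origin drops the DSN's public key and project path.
function httpsOrigin(value, label) {
  let url;
  try { url = new URL(value); } catch (e) { throw new Error(`${label} is not a valid URL`); }
  if (url.protocol !== 'https:') throw new Error(`${label} must use https`);
  return url.origin;
}

// Parse "name src src; name src" into a Map that keeps directive order.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Browsers ignore a repeated directive, so keep only the first one.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function allowSource(directives, name, origin) {
  // A missing directive falls back to default-src; seed from it so that
  // adding the directive does not silently drop sources such as 'self'.
  const current = directives.get(name) || [...(directives.get('default-src') || [])];
  const sources = current.filter((s) => s !== "'none'"); // 'none' cannot sit beside other sources
  if (!sources.includes(origin)) sources.push(origin);
  directives.set(name, sources);
}

// Hypothetical helper: allow the raven.js script host and the DSN host.
function addRavenToCsp(policy, dsn, scriptUrl) {
  const directives = parseCsp(policy);
  allowSource(directives, 'script-src', httpsOrigin(scriptUrl, 'scriptUrl'));
  allowSource(directives, 'connect-src', httpsOrigin(dsn, 'dsn'));
  return [...directives].map(([n, s]) => [n, ...s].join(' ')).join('; ');
}

// Constructed sample values, not taken from the thread.
const SAMPLE_POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com";
const SAMPLE_DSN = 'https://examplePublicKey@sentry.io/0';
const SAMPLE_SCRIPT = 'https://cdn.ravenjs.com/VERSION/raven.min.js';
console.log(addRavenToCsp(SAMPLE_POLICY, SAMPLE_DSN, SAMPLE_SCRIPT));
```

A self-hosted Sentry DSN yields that server's origin in `connect-src` instead of `https://sentry.io`.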