Using Mues AI with Content Security Policy (CSP)

Written By Merve

Last updated 13 days ago

Why Is This Needed?

Content Security Policy (CSP) is a browser security mechanism. If your site uses it and doesn’t explicitly allow external scripts, the browser will block them. Adding our domain ensures that your users can load and run our script safely.

How Do I Set It?

Allow given directives for https://*.mues.ai:

  • “script-src”

  • “style-src”

  • “img-src”

Example CSP Headers:

Example
Content-Security-Policy:
  default-src 'self';
  script-src 'self' https://*.mues.ai;
  style-src 'self' https://*.mues.ai;
  img-src 'self' https://*.mues.ai data:;

Learn more about how to modify the CSP you’re using: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP

Why Would Mues Need Those CSP Directives?

Mues needs 3 CSP allowances in order to be loaded in your CSP Protected Page:

  • script-src: To be able to embed Mues script as a HTML node (<script/>)

  • style-src: To be able to embed Mues containers’ CSS styles without needing to add them manually

  • img-src: To be able to load images from Mues’ CDN services