Content Security Policy

Some applications enforce content security policies (CSP). You have to enable Product Fruits domains or domains for any 3rd party integration you might use. A typical example is videos on tour cards. Based on the video provider you use, you might want to enable also their domains. 

For Product Fruits domains, use these CSPs:

script-src 'unsafe-inline' https://*; 
connect-src https://* wss://*;
style-src 'unsafe-inline' https://*; 
img-src data: https://*;
frame-src https://*;
media-src blob:;

If you use our Giphy, Tenor, Typeform, or other integrations, you must also set their CSP properly.