Content Security Policy

Some applications enforce content security policies. You have to enable Product Fruits domains or domains for any 3rd party integration you might use. A typical example is videos on tour cards. Based on the video provider you use, you might want to enable also their domains.

For Product Fruits domains, use these CSPs:

script-src 'unsafe-inline' https://*; 
connect-src https://*; 
style-src 'unsafe-inline' https://*; 
img-src data: https://*;
frame-src https://*;

If you use our Giphy, Tenor, Typeform, or other integrations, you must also set their CSP properly.