diff --git a/v2/emailpassword/custom-ui/init/user-management-dashboard/setup.mdx b/v2/emailpassword/custom-ui/init/user-management-dashboard/setup.mdx index 1ceed9bc5..0c108af83 100644 --- a/v2/emailpassword/custom-ui/init/user-management-dashboard/setup.mdx +++ b/v2/emailpassword/custom-ui/init/user-management-dashboard/setup.mdx @@ -261,6 +261,44 @@ init( ## Content Security Policy + + + +If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration. + +![CSP error handled UI](/img/dashboard/csp-error.png) + + +For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows: + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com +``` + +To resolve this issue, make the following adjustments: + + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com + https://cdn.jsdelivr.net/gh/supertokens/ + +``` +Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy. + + + If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly ```text 
@@ -268,9 +306,27 @@ script-src: 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/supertokens/ +img-src: + https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ +``` + + + + +If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly +```text +script-src: + 'self' + 'unsafe-inline' + https://cdn.jsdelivr.net/gh/supertokens/ img-src: https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ ``` + + + \ No newline at end of file diff --git a/v2/emailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx b/v2/emailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx index 1ceed9bc5..0c108af83 100644 --- a/v2/emailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx +++ b/v2/emailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx 
@@ -261,6 +261,44 @@ init( ## Content Security Policy + + + +If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration. + +![CSP error handled UI](/img/dashboard/csp-error.png) + + +For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows: + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com +``` + +To resolve this issue, make the following adjustments: + + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com + https://cdn.jsdelivr.net/gh/supertokens/ + +``` +Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy. + + + If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly ```text @@ -268,9 +306,27 @@ script-src: 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/supertokens/ +img-src: + https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ +``` + + + + +If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly +```text +script-src: + 'self' + 'unsafe-inline' + https://cdn.jsdelivr.net/gh/supertokens/ img-src: https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ ``` + + + \ No newline at end of file diff --git a/v2/passwordless/custom-ui/init/user-management-dashboard/setup.mdx b/v2/passwordless/custom-ui/init/user-management-dashboard/setup.mdx index 1ceed9bc5..0c108af83 100644 
--- a/v2/passwordless/custom-ui/init/user-management-dashboard/setup.mdx +++ b/v2/passwordless/custom-ui/init/user-management-dashboard/setup.mdx @@ -261,6 +261,44 @@ init( ## Content Security Policy + + + +If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration. + +![CSP error handled UI](/img/dashboard/csp-error.png) + + +For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows: + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com +``` + +To resolve this issue, make the following adjustments: + + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com + https://cdn.jsdelivr.net/gh/supertokens/ + +``` +Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy. + + + If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly ```text @@ -268,9 +306,27 @@ script-src: 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/supertokens/ +img-src: + https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ +``` + + + + +If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly +```text +script-src: + 'self' + 'unsafe-inline' + https://cdn.jsdelivr.net/gh/supertokens/ img-src: https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ ``` + + + \ No newline at end of file 
diff --git a/v2/passwordless/pre-built-ui/setup/user-management-dashboard/setup.mdx b/v2/passwordless/pre-built-ui/setup/user-management-dashboard/setup.mdx index 1ceed9bc5..0c108af83 100644 --- a/v2/passwordless/pre-built-ui/setup/user-management-dashboard/setup.mdx +++ b/v2/passwordless/pre-built-ui/setup/user-management-dashboard/setup.mdx @@ -261,6 +261,44 @@ init( ## Content Security Policy + + + +If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration. + +![CSP error handled UI](/img/dashboard/csp-error.png) + + +For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows: + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com +``` + +To resolve this issue, make the following adjustments: + + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com + https://cdn.jsdelivr.net/gh/supertokens/ + +``` +Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy. + + + If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly ```text 
@@ -268,9 +306,27 @@ script-src: 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/supertokens/ +img-src: + https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ +``` + + + + +If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly +```text +script-src: + 'self' + 'unsafe-inline' + https://cdn.jsdelivr.net/gh/supertokens/ img-src: https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ ``` + + + \ No newline at end of file diff --git a/v2/static/img/dashboard/csp-error.png b/v2/static/img/dashboard/csp-error.png new file mode 100644 index 000000000..b16070dda Binary files /dev/null and b/v2/static/img/dashboard/csp-error.png differ diff --git a/v2/thirdparty/custom-ui/init/user-management-dashboard/setup.mdx b/v2/thirdparty/custom-ui/init/user-management-dashboard/setup.mdx index 1ceed9bc5..0c108af83 100644 --- a/v2/thirdparty/custom-ui/init/user-management-dashboard/setup.mdx +++ b/v2/thirdparty/custom-ui/init/user-management-dashboard/setup.mdx 
@@ -261,6 +261,44 @@ init( ## Content Security Policy + + + +If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration. + +![CSP error handled UI](/img/dashboard/csp-error.png) + + +For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows: + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com +``` + +To resolve this issue, make the following adjustments: + + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com + https://cdn.jsdelivr.net/gh/supertokens/ + +``` +Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy. + + + If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly ```text @@ -268,9 +306,27 @@ script-src: 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/supertokens/ +img-src: + https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ +``` + + + + +If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly +```text +script-src: + 'self' + 'unsafe-inline' + https://cdn.jsdelivr.net/gh/supertokens/ img-src: https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ ``` + + + \ No newline at end of file diff --git a/v2/thirdparty/pre-built-ui/setup/user-management-dashboard/setup.mdx b/v2/thirdparty/pre-built-ui/setup/user-management-dashboard/setup.mdx index 1ceed9bc5..0c108af83 100644 
--- a/v2/thirdparty/pre-built-ui/setup/user-management-dashboard/setup.mdx +++ b/v2/thirdparty/pre-built-ui/setup/user-management-dashboard/setup.mdx @@ -261,6 +261,44 @@ init( ## Content Security Policy + + + +If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration. + +![CSP error handled UI](/img/dashboard/csp-error.png) + + +For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows: + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com +``` + +To resolve this issue, make the following adjustments: + + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com + https://cdn.jsdelivr.net/gh/supertokens/ + +``` +Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy. + + + If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly ```text @@ -268,9 +306,27 @@ script-src: 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/supertokens/ +img-src: + https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ +``` + + + + +If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly +```text +script-src: + 'self' + 'unsafe-inline' + https://cdn.jsdelivr.net/gh/supertokens/ img-src: https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ ``` + + + \ No newline at end of file 
diff --git a/v2/thirdpartyemailpassword/custom-ui/init/user-management-dashboard/setup.mdx b/v2/thirdpartyemailpassword/custom-ui/init/user-management-dashboard/setup.mdx index 1ceed9bc5..0c108af83 100644 --- a/v2/thirdpartyemailpassword/custom-ui/init/user-management-dashboard/setup.mdx +++ b/v2/thirdpartyemailpassword/custom-ui/init/user-management-dashboard/setup.mdx @@ -261,6 +261,44 @@ init( ## Content Security Policy + + + +If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration. + +![CSP error handled UI](/img/dashboard/csp-error.png) + + +For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows: + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com +``` + +To resolve this issue, make the following adjustments: + + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com + https://cdn.jsdelivr.net/gh/supertokens/ + +``` +Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy. + + + If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly ```text 
@@ -268,9 +306,27 @@ script-src: 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/supertokens/ +img-src: + https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ +``` + + + + +If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly +```text +script-src: + 'self' + 'unsafe-inline' + https://cdn.jsdelivr.net/gh/supertokens/ img-src: https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ ``` + + + \ No newline at end of file diff --git a/v2/thirdpartyemailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx b/v2/thirdpartyemailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx index 1ceed9bc5..0c108af83 100644 --- a/v2/thirdpartyemailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx +++ b/v2/thirdpartyemailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx 
@@ -261,6 +261,44 @@ init( ## Content Security Policy + + + +If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration. + +![CSP error handled UI](/img/dashboard/csp-error.png) + + +For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows: + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com +``` + +To resolve this issue, make the following adjustments: + + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com + https://cdn.jsdelivr.net/gh/supertokens/ + +``` +Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy. + + + If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly ```text @@ -268,9 +306,27 @@ script-src: 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/supertokens/ +img-src: + https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ +``` + + + + +If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly +```text +script-src: + 'self' + 'unsafe-inline' + https://cdn.jsdelivr.net/gh/supertokens/ img-src: https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ ``` + + + \ No newline at end of file diff --git a/v2/thirdpartypasswordless/custom-ui/init/user-management-dashboard/setup.mdx b/v2/thirdpartypasswordless/custom-ui/init/user-management-dashboard/setup.mdx index 1ceed9bc5..0c108af83 100644 
--- a/v2/thirdpartypasswordless/custom-ui/init/user-management-dashboard/setup.mdx +++ b/v2/thirdpartypasswordless/custom-ui/init/user-management-dashboard/setup.mdx @@ -261,6 +261,44 @@ init( ## Content Security Policy + + + +If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration. + +![CSP error handled UI](/img/dashboard/csp-error.png) + + +For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows: + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com +``` + +To resolve this issue, make the following adjustments: + + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com + https://cdn.jsdelivr.net/gh/supertokens/ + +``` +Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy. + + + If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly ```text @@ -268,9 +306,27 @@ script-src: 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/supertokens/ +img-src: + https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ +``` + + + + +If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly +```text +script-src: + 'self' + 'unsafe-inline' + https://cdn.jsdelivr.net/gh/supertokens/ img-src: https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ ``` + + + \ No newline at end of file 
diff --git a/v2/thirdpartypasswordless/pre-built-ui/setup/user-management-dashboard/setup.mdx b/v2/thirdpartypasswordless/pre-built-ui/setup/user-management-dashboard/setup.mdx index 1ceed9bc5..0c108af83 100644 --- a/v2/thirdpartypasswordless/pre-built-ui/setup/user-management-dashboard/setup.mdx +++ b/v2/thirdpartypasswordless/pre-built-ui/setup/user-management-dashboard/setup.mdx @@ -261,6 +261,44 @@ init( ## Content Security Policy + + + +If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration. + +![CSP error handled UI](/img/dashboard/csp-error.png) + + +For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows: + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com +``` + +To resolve this issue, make the following adjustments: + + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com + https://cdn.jsdelivr.net/gh/supertokens/ + +``` +Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy. + + + If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly ```text 
@@ -268,9 +306,27 @@ script-src: 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/supertokens/ +img-src: + https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ +``` + + + + +If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly +```text +script-src: + 'self' + 'unsafe-inline' + https://cdn.jsdelivr.net/gh/supertokens/ img-src: https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ ``` + + + \ No newline at end of file diff --git a/v2/userdashboard/about.mdx b/v2/userdashboard/about.mdx index 531aaace2..861744af7 100644 --- a/v2/userdashboard/about.mdx +++ b/v2/userdashboard/about.mdx @@ -267,6 +267,44 @@ init( ## Content Security Policy + + + +If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration. + +![CSP error handled UI](/img/dashboard/csp-error.png) + + +For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows: + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com +``` + +To resolve this issue, make the following adjustments: + + +```text +script-src: + 'self' + 'unsafe-inline' + https://google.com + +img-src: + https://google.com + https://cdn.jsdelivr.net/gh/supertokens/ + +``` +Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy. + + + If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly ```text 
@@ -274,9 +312,27 @@ script-src: 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/supertokens/ +img-src: + https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ +``` + + + + +If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly +```text +script-src: + 'self' + 'unsafe-inline' + https://cdn.jsdelivr.net/gh/supertokens/ img-src: https://cdn.jsdelivr.net/gh/supertokens/ + https://purecatamphetamine.github.io/ ``` + + + \ No newline at end of file
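Review bot: In the first hunk of each file (`@@ -261,6 +261,44 @@`, and `@@ -267,6 +267,44 @@` in `about.mdx`), the "To resolve this issue" policy adds `https://cdn.jsdelivr.net/gh/supertokens/` only under `img-src`, while its `script-src` still lists just `'self'`, `'unsafe-inline'` and `https://google.com`. The required-directives block that follows lists the same host under `script-src` as well, so a reader who copies the example as the fix still has dashboard scripts from that host blocked. Either add the host to `script-src` in the "after" block, or say explicitly that the example fixes only the single `img-src` violation shown in the screenshot and that the full list below still applies. The opening sentence also reads as if the error UI appears whenever a `Content-Security-Policy` header is returned; since the UI shows violation details, "returns a header that blocks resources the dashboard needs" would be more accurate. Because `Blocked URI` and `original policy` are only visible in `csp-error.png`, consider quoting those fields in text too so the instructions do not depend on the image.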
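Review bot: In the second hunk of each file (`@@ -268,9 +306,27 @@`, and `@@ -274,9 +312,27 @@` in `about.mdx`), `https://purecatamphetamine.github.io/` is added to `img-src` with no explanation of what the dashboard loads from it. This is a third-party origin that operators are being asked to allowlist in a security header, so the docs should state which assets come from there and whether a narrower path than the whole origin would work, the way the jsDelivr entry is scoped to `/gh/supertokens/`. The added paragraph also carries over the typo "header in from your backend" and has no closing period, and the block still recommends `'unsafe-inline'` for `script-src` without saying why the dashboard needs it. The files continue to end without a trailing newline (`\ No newline at end of file`), which is worth fixing while these lines are being touched.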
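Review bot: Across the diff as a whole, the same two hunks are pasted verbatim into ten `setup.mdx` files that share the index line `1ceed9bc5..0c108af83`, plus `v2/userdashboard/about.mdx`. A CSP allowlist duplicated eleven times will drift the next time a host is added or removed, and a stale copy leaves readers with either a broken dashboard or an origin allowlisted for no reason. Consider moving the Content Security Policy section into one shared snippet that each recipe page includes, so the directive list has a single source of truth.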