diff --git a/v2/emailpassword/custom-ui/init/user-management-dashboard/setup.mdx b/v2/emailpassword/custom-ui/init/user-management-dashboard/setup.mdx
index 1ceed9bc5..0c108af83 100644
--- a/v2/emailpassword/custom-ui/init/user-management-dashboard/setup.mdx
+++ b/v2/emailpassword/custom-ui/init/user-management-dashboard/setup.mdx
@@ -261,6 +261,44 @@ init(
## Content Security Policy
+
+
+
+If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration.
+
+![CSP error handled UI](/img/dashboard/csp-error.png)
+
+
+For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows:
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+```
+
+To resolve this issue, make the following adjustments:
+
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+ https://cdn.jsdelivr.net/gh/supertokens/
+
+```
+Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy.
+
+
+
If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
```text
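Review bot: The closing sentence of this hunk tells readers to add "the domain listed as the `Blocked URI`", but the fix shown just above it adds a path-scoped source, `https://cdn.jsdelivr.net/gh/supertokens/`, not a domain. A reader who follows the sentence literally would allow all of `cdn.jsdelivr.net`, which is much broader than the dashboard needs. Suggest wording it as "add the source shown as `Blocked URI`, keeping the path prefix" so the prose matches the example.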
@@ -268,9 +306,27 @@ script-src:
'self'
'unsafe-inline'
https://cdn.jsdelivr.net/gh/supertokens/
+img-src:
+ https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
+```
+
+
+
+
+If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://cdn.jsdelivr.net/gh/supertokens/
img-src:
https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
```
+
+
+
\ No newline at end of file
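Review bot: After this hunk the paragraph "If you return a `Content-Security-Policy` header ..." and its `script-src` / `img-src` block appear twice in a row with identical content. If the two copies are meant for different contexts, each needs a label that says which one applies; otherwise drop the second copy and keep the single block with the new `img-src` entry.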
diff --git a/v2/emailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx b/v2/emailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx
index 1ceed9bc5..0c108af83 100644
--- a/v2/emailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx
+++ b/v2/emailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx
@@ -261,6 +261,44 @@ init(
## Content Security Policy
+
+
+
+If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration.
+
+![CSP error handled UI](/img/dashboard/csp-error.png)
+
+
+For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows:
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+```
+
+To resolve this issue, make the following adjustments:
+
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+ https://cdn.jsdelivr.net/gh/supertokens/
+
+```
+Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy.
+
+
+
If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
```text
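Review bot: In the "To resolve this issue" block, `script-src` still lists only `'self'`, `'unsafe-inline'` and `https://google.com`, while the required-directives block in this same section lists `https://cdn.jsdelivr.net/gh/supertokens/` under `script-src` as well. A reader who copies the "after" policy would fix the `img-src` violation and still be missing the script source. Either add the source to `script-src` in the example or say explicitly that the example covers only the `img-src` violation from the screenshot.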
@@ -268,9 +306,27 @@ script-src:
'self'
'unsafe-inline'
https://cdn.jsdelivr.net/gh/supertokens/
+img-src:
+ https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
+```
+
+
+
+
+If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://cdn.jsdelivr.net/gh/supertokens/
img-src:
https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
```
+
+
+
\ No newline at end of file
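Review bot: `https://purecatamphetamine.github.io/` is added to `img-src` with no explanation of what the dashboard loads from it. Operators who maintain a strict CSP will want to know why a third-party GitHub Pages origin is required before allowing it; a one-line note naming the images served from that origin would let them make that call.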
diff --git a/v2/passwordless/custom-ui/init/user-management-dashboard/setup.mdx b/v2/passwordless/custom-ui/init/user-management-dashboard/setup.mdx
index 1ceed9bc5..0c108af83 100644
--- a/v2/passwordless/custom-ui/init/user-management-dashboard/setup.mdx
+++ b/v2/passwordless/custom-ui/init/user-management-dashboard/setup.mdx
@@ -261,6 +261,44 @@ init(
## Content Security Policy
+
+
+
+If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration.
+
+![CSP error handled UI](/img/dashboard/csp-error.png)
+
+
+For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows:
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+```
+
+To resolve this issue, make the following adjustments:
+
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+ https://cdn.jsdelivr.net/gh/supertokens/
+
+```
+Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy.
+
+
+
If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
```text
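Review bot: The first added sentence, "If your backend returns a `Content-Security-Policy` header, you will encounter the following UI", reads as if the error screen appears for every backend that sends a CSP header. From the rest of the hunk it appears only when the policy blocks something the dashboard loads. Suggest "If your backend's `Content-Security-Policy` header blocks resources the dashboard needs, the dashboard shows the following UI ...".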
@@ -268,9 +306,27 @@ script-src:
'self'
'unsafe-inline'
https://cdn.jsdelivr.net/gh/supertokens/
+img-src:
+ https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
+```
+
+
+
+
+If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://cdn.jsdelivr.net/gh/supertokens/
img-src:
https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
```
+
+
+
\ No newline at end of file
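Review bot: The added paragraph carries over the typo "header in from your backend" (should be "header from your backend") and ends without a colon before the code block. The hunk also appends three blank lines at the end of the file while the file still has no trailing newline; drop the blank lines and end the file with a single newline.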
diff --git a/v2/passwordless/pre-built-ui/setup/user-management-dashboard/setup.mdx b/v2/passwordless/pre-built-ui/setup/user-management-dashboard/setup.mdx
index 1ceed9bc5..0c108af83 100644
--- a/v2/passwordless/pre-built-ui/setup/user-management-dashboard/setup.mdx
+++ b/v2/passwordless/pre-built-ui/setup/user-management-dashboard/setup.mdx
@@ -261,6 +261,44 @@ init(
## Content Security Policy
+
+
+
+If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration.
+
+![CSP error handled UI](/img/dashboard/csp-error.png)
+
+
+For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows:
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+```
+
+To resolve this issue, make the following adjustments:
+
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+ https://cdn.jsdelivr.net/gh/supertokens/
+
+```
+Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy.
+
+
+
If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
```text
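Review bot: "to address the error message displayed in the above screenshot" makes the worked example depend entirely on the image: the text never states which directive was violated or which `Blocked URI` was reported. Readers using a screen reader, or viewing the page when the image fails to load, cannot follow the before/after blocks. Suggest quoting the violated directive and the `Blocked URI` value from the screenshot in the sentence itself.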
@@ -268,9 +306,27 @@ script-src:
'self'
'unsafe-inline'
https://cdn.jsdelivr.net/gh/supertokens/
+img-src:
+ https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
+```
+
+
+
+
+If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://cdn.jsdelivr.net/gh/supertokens/
img-src:
https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
```
+
+
+
\ No newline at end of file
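Review bot: The added block lists `'unsafe-inline'` under `script-src` as a required directive without saying why. That keyword allows inline scripts in general, so security-conscious operators will hesitate to add it on the strength of a bare listing. A sentence stating what in the dashboard depends on it would help them decide how to scope the policy.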
diff --git a/v2/static/img/dashboard/csp-error.png b/v2/static/img/dashboard/csp-error.png
new file mode 100644
index 000000000..b16070dda
Binary files /dev/null and b/v2/static/img/dashboard/csp-error.png differ
diff --git a/v2/thirdparty/custom-ui/init/user-management-dashboard/setup.mdx b/v2/thirdparty/custom-ui/init/user-management-dashboard/setup.mdx
index 1ceed9bc5..0c108af83 100644
--- a/v2/thirdparty/custom-ui/init/user-management-dashboard/setup.mdx
+++ b/v2/thirdparty/custom-ui/init/user-management-dashboard/setup.mdx
@@ -261,6 +261,44 @@ init(
## Content Security Policy
+
+
+
+If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration.
+
+![CSP error handled UI](/img/dashboard/csp-error.png)
+
+
+For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows:
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+```
+
+To resolve this issue, make the following adjustments:
+
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+ https://cdn.jsdelivr.net/gh/supertokens/
+
+```
+Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy.
+
+
+
If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
```text
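Review bot: Formatting in the added section needs a pass. The second example block has a blank line before its closing fence, the closing fence is followed directly by the "Essentially, ..." paragraph with no blank line between them, and there are runs of two and three empty lines around the section. Also, `original policy` is set in code formatting as though it were an identifier; if it is the label shown in the error UI, say so ("the policy shown under *Original policy*").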
@@ -268,9 +306,27 @@ script-src:
'self'
'unsafe-inline'
https://cdn.jsdelivr.net/gh/supertokens/
+img-src:
+ https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
+```
+
+
+
+
+If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://cdn.jsdelivr.net/gh/supertokens/
img-src:
https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
```
+
+
+
\ No newline at end of file
diff --git a/v2/thirdparty/pre-built-ui/setup/user-management-dashboard/setup.mdx b/v2/thirdparty/pre-built-ui/setup/user-management-dashboard/setup.mdx
index 1ceed9bc5..0c108af83 100644
--- a/v2/thirdparty/pre-built-ui/setup/user-management-dashboard/setup.mdx
+++ b/v2/thirdparty/pre-built-ui/setup/user-management-dashboard/setup.mdx
@@ -261,6 +261,44 @@ init(
## Content Security Policy
+
+
+
+If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration.
+
+![CSP error handled UI](/img/dashboard/csp-error.png)
+
+
+For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows:
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+```
+
+To resolve this issue, make the following adjustments:
+
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+ https://cdn.jsdelivr.net/gh/supertokens/
+
+```
+Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy.
+
+
+
If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
```text
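Review bot: This file has the same blob hashes before and after the change (`1ceed9bc5..0c108af83`) as the other recipe copies of `setup.mdx` in this diff, so the new CSP section is being maintained byte-for-byte in many places. If these files are generated from one source, the change belongs in that source; if they are hand-maintained, any later fix to this section has to be repeated in every copy, which is worth avoiding for security guidance that operators paste into production headers.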
@@ -268,9 +306,27 @@ script-src:
'self'
'unsafe-inline'
https://cdn.jsdelivr.net/gh/supertokens/
+img-src:
+ https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
+```
+
+
+
+
+If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://cdn.jsdelivr.net/gh/supertokens/
img-src:
https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
```
+
+
+
\ No newline at end of file
diff --git a/v2/thirdpartyemailpassword/custom-ui/init/user-management-dashboard/setup.mdx b/v2/thirdpartyemailpassword/custom-ui/init/user-management-dashboard/setup.mdx
index 1ceed9bc5..0c108af83 100644
--- a/v2/thirdpartyemailpassword/custom-ui/init/user-management-dashboard/setup.mdx
+++ b/v2/thirdpartyemailpassword/custom-ui/init/user-management-dashboard/setup.mdx
@@ -261,6 +261,44 @@ init(
## Content Security Policy
+
+
+
+If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration.
+
+![CSP error handled UI](/img/dashboard/csp-error.png)
+
+
+For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows:
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+```
+
+To resolve this issue, make the following adjustments:
+
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+ https://cdn.jsdelivr.net/gh/supertokens/
+
+```
+Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy.
+
+
+
If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
```text
@@ -268,9 +306,27 @@ script-src:
'self'
'unsafe-inline'
https://cdn.jsdelivr.net/gh/supertokens/
+img-src:
+ https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
+```
+
+
+
+
+If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://cdn.jsdelivr.net/gh/supertokens/
img-src:
https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
```
+
+
+
\ No newline at end of file
diff --git a/v2/thirdpartyemailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx b/v2/thirdpartyemailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx
index 1ceed9bc5..0c108af83 100644
--- a/v2/thirdpartyemailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx
+++ b/v2/thirdpartyemailpassword/pre-built-ui/setup/user-management-dashboard/setup.mdx
@@ -261,6 +261,44 @@ init(
## Content Security Policy
+
+
+
+If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration.
+
+![CSP error handled UI](/img/dashboard/csp-error.png)
+
+
+For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows:
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+```
+
+To resolve this issue, make the following adjustments:
+
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+ https://cdn.jsdelivr.net/gh/supertokens/
+
+```
+Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy.
+
+
+
If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
```text
@@ -268,9 +306,27 @@ script-src:
'self'
'unsafe-inline'
https://cdn.jsdelivr.net/gh/supertokens/
+img-src:
+ https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
+```
+
+
+
+
+If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://cdn.jsdelivr.net/gh/supertokens/
img-src:
https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
```
+
+
+
\ No newline at end of file
diff --git a/v2/thirdpartypasswordless/custom-ui/init/user-management-dashboard/setup.mdx b/v2/thirdpartypasswordless/custom-ui/init/user-management-dashboard/setup.mdx
index 1ceed9bc5..0c108af83 100644
--- a/v2/thirdpartypasswordless/custom-ui/init/user-management-dashboard/setup.mdx
+++ b/v2/thirdpartypasswordless/custom-ui/init/user-management-dashboard/setup.mdx
@@ -261,6 +261,44 @@ init(
## Content Security Policy
+
+
+
+If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration.
+
+![CSP error handled UI](/img/dashboard/csp-error.png)
+
+
+For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows:
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+```
+
+To resolve this issue, make the following adjustments:
+
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+ https://cdn.jsdelivr.net/gh/supertokens/
+
+```
+Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy.
+
+
+
If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
```text
@@ -268,9 +306,27 @@ script-src:
'self'
'unsafe-inline'
https://cdn.jsdelivr.net/gh/supertokens/
+img-src:
+ https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
+```
+
+
+
+
+If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://cdn.jsdelivr.net/gh/supertokens/
img-src:
https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
```
+
+
+
\ No newline at end of file
diff --git a/v2/thirdpartypasswordless/pre-built-ui/setup/user-management-dashboard/setup.mdx b/v2/thirdpartypasswordless/pre-built-ui/setup/user-management-dashboard/setup.mdx
index 1ceed9bc5..0c108af83 100644
--- a/v2/thirdpartypasswordless/pre-built-ui/setup/user-management-dashboard/setup.mdx
+++ b/v2/thirdpartypasswordless/pre-built-ui/setup/user-management-dashboard/setup.mdx
@@ -261,6 +261,44 @@ init(
## Content Security Policy
+
+
+
+If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration.
+
+![CSP error handled UI](/img/dashboard/csp-error.png)
+
+
+For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows:
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+```
+
+To resolve this issue, make the following adjustments:
+
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+ https://cdn.jsdelivr.net/gh/supertokens/
+
+```
+Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy.
+
+
+
If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
```text
@@ -268,9 +306,27 @@ script-src:
'self'
'unsafe-inline'
https://cdn.jsdelivr.net/gh/supertokens/
+img-src:
+ https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
+```
+
+
+
+
+If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://cdn.jsdelivr.net/gh/supertokens/
img-src:
https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
```
+
+
+
\ No newline at end of file
diff --git a/v2/userdashboard/about.mdx b/v2/userdashboard/about.mdx
index 531aaace2..861744af7 100644
--- a/v2/userdashboard/about.mdx
+++ b/v2/userdashboard/about.mdx
@@ -267,6 +267,44 @@ init(
## Content Security Policy
+
+
+
+If your backend returns a `Content-Security-Policy` header, you will encounter the following UI displaying the CSP violation details. Follow the instructions provided in this UI to make necessary adjustments to your backend CSP configuration.
+
+![CSP error handled UI](/img/dashboard/csp-error.png)
+
+
+For example, to address the error message displayed in the above screenshot, you need to modify your `original policy`. In the given example, it appears as follows:
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+```
+
+To resolve this issue, make the following adjustments:
+
+
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://google.com
+
+img-src:
+ https://google.com
+ https://cdn.jsdelivr.net/gh/supertokens/
+
+```
+Essentially, you need to include the domain listed as the `Blocked URI` in your violated directive block within your original policy.
+
+
+
If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
```text
@@ -274,9 +312,27 @@ script-src:
'self'
'unsafe-inline'
https://cdn.jsdelivr.net/gh/supertokens/
+img-src:
+ https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
+```
+
+
+
+
+If you return a `Content-Security-Policy` header in from your backend, you will need to include the following directives for the user management dashboard to work correctly
+```text
+script-src:
+ 'self'
+ 'unsafe-inline'
+ https://cdn.jsdelivr.net/gh/supertokens/
img-src:
https://cdn.jsdelivr.net/gh/supertokens/
+ https://purecatamphetamine.github.io/
```
+
+
+
\ No newline at end of file