Content Security Policy directives

Platform basics

Content-Security-Policy is the name of a HTTP response header that modern browsers use to enhance the security of the document (or web page). The Content-Security-Policy header allows you to restrict how resources such as JavaScript, CSS, or pretty much anything that the browser loads.

Although it is primarily used as a HTTP response header, you can also apply it via a meta tag.

The term Content Security Policy is often abbreviated as CSP.

Content Security Policy is supported by all the major modern browsers, and has been for many years. It is not supported in Internet Explorer.

The Content-Security-Policy header value is made up of one or more directives. The directives necessary for the Fundraise Up platform to function are listed below:

1connect-src
2  fndrsp.net
3  fndrsp-checkout.net
4  *.fundraiseup.com
5  *.stripe.com
6  *.paypal.com           // optional, for PayPal
7  *.paypalobjects.com    // optional, for PayPal
8  *.plaid.com            // optional, for bank transfers
9  *.mastercard.com       // optional, for Click to Pay
10  *.checkout.visa.com    // optional, for Click to Pay
11  pay.google.com         // optional, for Google Pay
12  https://google.com/pay // optional, for Google Pay
13  api.addressy.com       // optional, for UK based accounts
14
15script-src
16  *.fundraiseup.com
17  *.stripe.com
18  m.stripe.network
19  *.plaid.com            // optional, for bank transfers
20  *.src.mastercard.com   // optional, for Click to Pay
21  *.checkout.visa.com    // optional, for Click to Pay
22  pay.google.com         // optional, for Google Pay
23  *.paypal.com           // optional, for PayPal
24  *.paypalobjects.com    // optional, for PayPal
25
26frame-src
27   *.fundraiseup.com
28   *.stripe.com
29   *.src.mastercard.com  // optional, for Click to Pay
30   *.checkout.visa.com   // optional, for Click to Pay
31   *.plaid.com           // optional, for bank transfers
32   *.paypal.com          // optional, for PayPal
33   pay.google.com        // optional, for Google Pay
34
35img-src
36   data:
37   *.fundraiseup.com
38   ucarecdn.com
39   pay.google.com        // optional, for Google Pay
40   *.paypalobjects.com   // optional, for PayPal
41
42font-src
43   *.fundraiseup.com
44   *.stripe.com
45
46style-src
47  'unsafe-inline'
48

Top Topics
Platform basics
Dashboard
Integrations
Payment methods
Payments
Checkout
Donor Portal
Elements
PayPal
Quickstarts
Apple Pay
Stripe
JavaScript API
CRM
Salesforce

Still need help?

Need help with something not covered in Support Center? Connect with a support engineer for more assistance.
Email us