This section is for advanced users only. Deploying third-party code could break your B2B Direct site. Proceed with caution.
⚠️ Do not place duplicate URLs under the same Policy Type ⚠️
By default, Juniper blocks third-party URLs and tracking codes to prevent unauthorized code from being executed on your site.
If you are adding third-party URLs or tracking codes to your B2B Direct site and they are not approved, you will need to enable them via our Content Security Policies tool. You can see what is being blocked by opening the Console in the Google Chrome browser; see here: https://developer.chrome.com/docs/devtools/open/#console
1. Using the left navigation menu, select Settings. Using the top navigation tabs, select Site Configuration
2. Using the right accordion, select Advanced then Edit for Content Security Policies
3. Inside the Edit modal ... select your Policy Type
- default-src ~ serves as a fallback for the other CSP policy types
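- script-src ~ defines the origins from which scripts can be loaded; on its own it does not restrict images, fonts, and so on, which can still be loaded from any origin.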
- style-src ~ is script-src's counterpart for stylesheets.
- img-src ~ defines the origins from which images can be loaded.
- font-src ~ specifies the origins that can serve web fonts. Google's web fonts could be enabled via font-src https://themes.googleusercontent.com
- object-src ~ allows control over Flash and other plugins.
- media-src ~ restricts the origins allowed to deliver video and audio
- frame-src ~ was deprecated in level 2 but is restored in level 3. If not present it still falls back to child-src as before.
- connect-src ~ limits the origins that you can connect to (via XHR, WebSockets, and EventSource).
4. Insert your Policy URL...then Add Policy
⚠️ Always use the full URL with https://
⚠️ The only time you will need a wildcard * is before the domain name, not after
5. Once added you will see your policies sorted by Policy Type under Added Policies...use the trash can to delete.
6. An Update button will appear after adding policies. Be sure to click it to finish the update.
7. Visit YourDomainName.com/clear to see changes, replacing YourDomainName with your B2B Direct site URL.
Best Practices + FAQs
"I see an error for blob in Console... how do I enable this?"
Adding blob: as default-src and under any other policy types mentioned in Console will enable this.
"As I progress through my 3rd party form or add-on, it disappears?!"
As you advance through your 3rd party form or add-on, you may need to enable additional policy types. Monitor the Console as you advance through your 3rd party form or add-on. Add the additional policy types that are blocked.
"What is Console?"
You can see what is being blocked by using the Google Chrome browser Dev Tools and reviewing the Console...see here: https://developer.chrome.com/docs/devtools/open/#console
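To collect what the Console reports as you step through a third-party form, the following added example (not part of Juniper's tooling) turns the browser's standard `securitypolicyviolation` events into a de-duplicated list of Policy Type and Policy URL pairs. The function names and the sample events are constructed for illustration.

```javascript
// Policy Types offered in the Edit modal, as listed in this article.
const POLICY_TYPES = ["default-src", "script-src", "style-src", "img-src",
  "font-src", "object-src", "media-src", "frame-src", "connect-src"];

// Convert one violation (real event or plain object) into a policy entry.
// Returns null when nothing can safely be added as a Policy URL.
function toPolicyEntry(violation) {
  // Chrome reports e.g. script-src-elem or style-src-attr; fold into the parent type.
  const type = String(violation.effectiveDirective).replace(/-(elem|attr)$/, "");
  if (!POLICY_TYPES.includes(type)) return null;
  const blocked = violation.blockedURI;
  // Blob resources are reported by scheme only; the policy value is "blob:".
  if (blocked === "blob") return { type, url: "blob:" };
  try {
    const parsed = new URL(blocked);
    // The article requires full https:// URLs, so anything else is skipped.
    if (parsed.protocol !== "https:") return null;
    return { type, url: parsed.origin };
  } catch (err) {
    return null; // "inline", "eval" and similar are not URLs
  }
}

// Build the list to enter, with no duplicate URL under the same Policy Type.
function summarize(violations) {
  const seen = new Set();
  const entries = [];
  for (const violation of violations) {
    const entry = toPolicyEntry(violation);
    if (!entry) continue;
    const key = entry.type + " " + entry.url;
    if (seen.has(key)) continue;
    seen.add(key);
    entries.push(entry);
  }
  return entries;
}

// In a browser, keep a running table of everything blocked on this page.
if (typeof document !== "undefined") {
  const collected = [];
  document.addEventListener("securitypolicyviolation", (event) => {
    collected.push(event);
    console.table(summarize(collected));
  });
}
```

Paste it into the Console before you start the form; only violations that occur after that point are captured. Review each origin before adding it, since every entry allows code or content from that origin to load on your site.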