Add own CSP headers

I am using the standard Docker based install. In our template we need to include Adobe Tag Manager which is loaded from assets.adobedtm.com. The default CSP headers prevent loading of the script.

How can I add or extend the default CSP headers in a “supported” non-hacky way?

Is

  • not using CSP by Discourse
  • using CSP via reverse proxy or similar

hacky way?

1 Like

I just need to know how I can add it e.g. during build of the container to be able to automate it…

Do you mean “content security policy script src” in site settings?

2 Likes

Yes!

And how can I amend e.g. connect-src or other attributes of the policy?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.