Userlike is now Lime Connect. Find more information here

logo

Intro

Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
If you use CSP on your website, you need to add one of the following rules to make Lime Connect work.

Rule with font loading

Use this CSP rule when you intend to use custom webfonts in the Website Messenger.
markdown
child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net blob:;
connect-src wss://umd.userlike.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net userlike-cdn-umm.b-cdn.net www.userlike.com blob: userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com;
font-src data: userlike-cdn-umm.b-cdn.net fonts.gstatic.com;
frame-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com;
img-src data: userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com blob:;
media-src userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:;
object-src 'none';
script-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net 'wasm-unsafe-eval';
style-src 'unsafe-inline';

Rule without font loading

Use this CSP rule when you intend to use system fonts in the Website Messenger.
markdown
child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net blob:;
connect-src wss://umd.userlike.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net userlike-cdn-umm.b-cdn.net www.userlike.com blob: userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com;
frame-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com;
img-src data: userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com blob:;
media-src userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:;
object-src 'none';
script-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net 'wasm-unsafe-eval';
style-src 'unsafe-inline';
👉🏻
read this article in English: https://docs.userlike.com/setup/widget-integration/content-security-policy
Google Tag Manager
WordPress
Powered by Notaku
Imprint/Impressum
Share
Content
Content Security Policy
Intro
Rule with font loading
Rule without font loading