cameronmarlow

cameronmarlow
Level 1
Menlo Park, CA
CTO
Contact Me
Online Status
Offline
Date Last Visited
‎05-07-2020 04:40 PM

Top Badges Earned

Customize up to 8 badges at the top of your trophy case for all other Community members to see!Customize up to 8 badges at the top of your trophy case for all other Community members to see!
  • Establish Establish Earned on 2.08.21 Earned by 1592 people Select to learn more
  • Give Back 1 Give Back 1 Earned on 2.08.21 Earned by 2810 people Select to learn more
  • Ignite 1 Ignite 1 Earned on 2.08.21 Earned by 2803 people Select to learn more

Re: Valid CSP rules

by Level 1 in Product Discussions
‎03-10-2020 10:12 AM
‎03-10-2020 10:12 AM
The CSP policy is set by the web server, and ours is quite locked down due to security constraints. I need to add an exception for every host being accessed from our web pages.   I did see that {{Munchkin ID}}.mktoresp.com was being requested, but now also {{Munchkin ID}}.mktoutil.com, neither of which is documented in the official documentation.   Most Javascript APIs these days have a canonical set of CSP rules and I was simply looking for that set. ... View more

Re: Valid CSP rules

by Level 1 in Product Discussions
‎03-09-2020 11:25 AM
‎03-09-2020 11:25 AM
Sorry for not being clear! It's Content Security Policy: https://en.wikipedia.org/wiki/Content_Security_Policy Which is a large industry standard to prevent cross-site scripting (XSS). It allows a host to restrict what other hosts can load scripts on that page. So for instance, if you want to load the munchkin script, you would need to add "munchkin.marketo.net" to your "script-src" block of your CSP. It appears that the Munchkin code makes lots of callbacks to other hosts and this doesn't seem to be documented anywhere. ... View more

Valid CSP rules

by Level 1 in Product Discussions
‎03-09-2020 10:51 AM
‎03-09-2020 10:51 AM
Hi there,   Does anyone have a comprehensive list of content security policy (CSP) rules for Munchkin tracking on a website? It's unclear from the documentation which hosts need to be included in order to make Munchkin work in production. I have included munchkin.marketo.net in the script-src block but it appears that this makes callbacks to a number of other hosts and I can't find where these are listed.   Thanks! ... View more
Latest Tags
No tags yet
Public Statistics
Date Registered ‎02-11-2020 08:28 PM
Date Last Visited ‎05-07-2020 04:40 PM
Total Messages Posted 3
Home