trying to access the dashboard
# support-questions-legacy
d
trying to access the dashboard
n
Hi @dhatguy You'll need to allow https://cdn.jsdelivr.net/gh/supertokens/* in your content security policy headers
d
how do I go about that?
n
What stack are you using?
d
express
n
Are you using any middleware to support content security policy?
d
nope
n
Are you manually adding a Content-Security-Policy header to your responses?
d
oh yes, helmet
n
Ah one sec
You can do something like this
app.use(
  helmet.contentSecurityPolicy({
    directives: {
      "default-src": ["https://cdn.jsdelivr.net/gh/supertokens/"]
    },
  })
);
d
okay, didn't work
but this did with some errors too
app.use(
  helmet.contentSecurityPolicy({
    directives: {
      "script-src": ["https://cdn.jsdelivr.net/gh/supertokens/"],
    },
  })
);
n
What error did you get when you used the snippet I sent?
d
same error
n
app.use(
  helmet.contentSecurityPolicy({
    directives: {
      "default-src": ["https://cdn.jsdelivr.net/gh/supertokens/", "'unsafe-inline'"]
    },
  })
);
Try that
d
Still the same. I did some research on the error, and this snippet got it working
app.use(
  helmet({
    crossOriginEmbedderPolicy: false,
    contentSecurityPolicy: {
      ...helmet.contentSecurityPolicy.getDefaultDirectives(),
      directives: {
        scriptSrc: [
          "'self'",
          "'unsafe-inline'",
          "https://cdn.jsdelivr.net/gh/supertokens/",
        ],
        imgSrc: ["'self'", "https://*.net", "https://*.com"],
      },
    },
  })
);
n
Ah right, glad you got it to work
We will include this in the docs as well
Thanks!