Expand my Community achievements bar.

Help shape the future of AI assistance by participating in this quick card sorting activity. Your input will help create a more effective system that better serves your needs and those of your colleagues.
SOLVED

Self-Hosting CSP Configuration

Avatar

Level 3

When self-hosting via zip delivery, the Host is set to "Managed by Adobe", archive activated, and a self-hosted path is provided
The contained files are then placed on the server, preserving the directory structure

 

Regarding the CSP for this configuration. Why is it further required to add 'assets.adobedtm.com' as a trusted resource to allow inline scripts? Is the ZIP file not 100% self contained at this point?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Level 3

Response from Client Care regarding the CSP documentation

 

"This is a typo in the document, we have raised a request to update it. That sentence is placed incorrectly in the self-hosting section. It belongs in the Adobe-managed hosting section. For self-hosting, you already have allowed scripts from your own domains. So, you do not have to do anything special to allow a Launch library from your own domain to execute."

View solution in original post

3 Replies

Avatar

Level 3

I'm referring to this document https://experienceleague.adobe.com/docs/launch/using/reference/client-side-info/content-security-pol...
In particular, this line

 

Why does assets.adobedtm.com need to be listed in the CSP if we are self hosting ?

Self-hosting

If you are self-hosting your library, then the source for your build is probably your own domain. You can specify that the host domain is a safe source by using the following configuration:

You should specify self as a safe domain so you don’t break any scripts that you are already loading, but you also need assets.adobedtm.com to be listed as safe or your Platform Launch library won’t load on the page.

Avatar

Level 3
I spoke with Client Care and they replied

Avatar

Correct answer by
Level 3

Response from Client Care regarding the CSP documentation

 

"This is a typo in the document, we have raised a request to update it. That sentence is placed incorrectly in the self-hosting section. It belongs in the Adobe-managed hosting section. For self-hosting, you already have allowed scripts from your own domains. So, you do not have to do anything special to allow a Launch library from your own domain to execute."