Self-Hosting CSP Configuration

Question

When self-hosting via zip delivery, the Host is set to "Managed by Adobe", archive activated, and a self-hosted path is provided
The contained files are then placed on the server, preserving the directory structure

Regarding the CSP for this configuration. Why is it further required to add 'assets.adobedtm.com' as a trusted resource to allow inline scripts? Is the ZIP file not 100% self contained at this point?

Iceboats · Accepted Answer

Response from Client Care regarding the CSP documentation

"This is a typo in the document, we have raised a request to update it. That sentence is placed incorrectly in the self-hosting section. It belongs in the Adobe-managed hosting section. For self-hosting, you already have allowed scripts from your own domains. So, you do not have to do anything special to allow a Launch library from your own domain to execute."

Iceboats · Answer

I'm referring to this document https://experienceleague.adobe.com/docs/launch/using/reference/client-side-info/content-security-policy-csp.html?lang=en#add-platform-launch-as-a-trusted-source
In particular, this line

Why does assets.adobedtm.com need to be listed in the CSP if we are self hosting ?

Self-hosting

If you are self-hosting your library, then the source for your build is probably your own domain. You can specify that the host domain is a safe source by using the following configuration:

You should specify self as a safe domain so you don’t break any scripts that you are already loading, but you also need assets.adobedtm.com to be listed as safe or your Platform Launch library won’t load on the page.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded