Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Self-Hosting CSP Configuration

Alandy_Iceboats
Level 3
Level 3

When self-hosting via zip delivery, the Host is set to "Managed by Adobe", archive activated, and a self-hosted path is provided
The contained files are then placed on the server, preserving the directory structure

 

Regarding the CSP for this configuration. Why is it further required to add 'assets.adobedtm.com' as a trusted resource to allow inline scripts? Is the ZIP file not 100% self contained at this point?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution
Alandy_Iceboats
Correct answer by
Level 3
Level 3

Response from Client Care regarding the CSP documentation

 

"This is a typo in the document, we have raised a request to update it. That sentence is placed incorrectly in the self-hosting section. It belongs in the Adobe-managed hosting section. For self-hosting, you already have allowed scripts from your own domains. So, you do not have to do anything special to allow a Launch library from your own domain to execute."

View solution in original post

0 Replies
Alandy_Iceboats
Level 3
Level 3

I'm referring to this document https://experienceleague.adobe.com/docs/launch/using/reference/client-side-info/content-security-pol...
In particular, this line

 

Why does assets.adobedtm.com need to be listed in the CSP if we are self hosting ?

Self-hosting

If you are self-hosting your library, then the source for your build is probably your own domain. You can specify that the host domain is a safe source by using the following configuration:

You should specify self as a safe domain so you don’t break any scripts that you are already loading, but you also need assets.adobedtm.com to be listed as safe or your Platform Launch library won’t load on the page.

Alandy_Iceboats
Level 3
Level 3
I spoke with Client Care and they replied
Alandy_Iceboats
Correct answer by
Level 3
Level 3

Response from Client Care regarding the CSP documentation

 

"This is a typo in the document, we have raised a request to update it. That sentence is placed incorrectly in the self-hosting section. It belongs in the Adobe-managed hosting section. For self-hosting, you already have allowed scripts from your own domains. So, you do not have to do anything special to allow a Launch library from your own domain to execute."

View solution in original post