getsentry / sentry-docs

Sentry's documentation (and tools to build it)
https://docs.sentry.io

Describe required CSP directives for browser JavaScript #7346

Open cweider opened 1 year ago

cweider commented 1 year ago

Core or SDK?

Platform/SDK

Which part? Which one?

Browser JavaScript

Description

Investigating integration of Browser JavaScript to a website, one question I need to answer is “what sources do I need to add to which directives in my site's CSP configuration”. As far as I can tell, these requirements are not covered in the documentation (https://docs.sentry.io/platforms/javascript/ etc.).

Note: this concerns the platform/SDK integration, not the CSP Reporting Endpoint integration.

Suggested Solution

Both hCaptcha and Stripe have a nice list in their integration guides.

I think the requirement is probably just this:

getsantry[bot] commented 1 year ago

Assigning to @getsentry/support for routing ⏲️

AbhiPrasad commented 1 year ago

Hey @cweider, I think you're correct! We have this in our loader docs, but we should probably add this as a note to all of our SDKs (since you'll need the connect-src to ping an external URL).
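
An added example, not part of the issue thread or of Sentry's documentation: a Node.js check of whether a site's CSP lets the browser SDK reach the host named in a DSN through `connect-src` (or its `default-src` fallback), which is the requirement the last comment describes. The function names are hypothetical, the DSN and hosts used with it are constructed placeholders, and it assumes events are sent directly to the DSN's host.

```javascript
// Added example; simplified matching: source paths are ignored and 'self' never
// matches (assumption: the ingest host is a different origin from the page).

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers: the first one wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// A DSN is a URL whose userinfo is the public key; the SDK posts to its origin.
function dsnOrigin(dsn) {
  return new URL(dsn).origin;
}

// An http source also matches https (CSP Level 3 upgrade rule).
const schemeOk = (src, actual) =>
  src === actual || (src === "http:" && actual === "https:");

// Does one source expression allow the given origin?
function sourceAllows(source, origin) {
  const { protocol, hostname, port } = new URL(origin);
  if (source === "*") return true;
  if (source.startsWith("'")) return false; // 'self', 'none', nonces, hashes
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return schemeOk(source.toLowerCase(), protocol);
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false;
  if (m[1] && !schemeOk(m[1].toLowerCase() + ":", protocol)) return false;
  const urlPort = port || (protocol === "https:" ? "443" : "80");
  if (m[3] && m[3] !== "*" && m[3] !== urlPort) return false;
  const host = m[2].toLowerCase();
  return host.startsWith("*.")
    ? hostname.endsWith(host.slice(1)) // "*.x.test" matches subdomains only
    : hostname === host;
}

// connect-src governs fetch/XHR/sendBeacon; default-src is its fallback.
function connectAllowed(policy, dsn) {
  const csp = parseCsp(policy);
  const sources = csp.get("connect-src") ?? csp.get("default-src");
  if (sources === undefined) return true; // nothing restricts connections
  return sources.some((s) => sourceAllows(s, dsnOrigin(dsn)));
}
```

A policy of `default-src 'self'` with no `connect-src` reports as blocked here, which is the case where the SDK loads but its events never leave the page.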