CSP in Adobe Commerce

Questions and Answers

PDF Questions PDF Answers

Which directive in the csp_whitelist.xml file specifies the domains that are allowed to embed the current page in an iframe?

connect-src

frame-ancestors (correct)

default-src

frame-src

Which directive in the csp_whitelist.xml file specifies the domains that are allowed to be loaded by the current page through a <script> tag or XMLHttpRequest?

frame-ancestors

default-src

frame-src

connect-src (correct)

What error message will be displayed in the console when an iframe violates the Content Security Policy directive?

Refused to frame [URL] because it violates the Content Security Policy directive. (correct)

Refused to connect to [URL] because it violates the Content Security Policy directive.

Refused to render [URL] because it violates the Content Security Policy directive.

Refused to load script from [URL] because it violates the Content Security Policy directive.

What file should an Adobe Commerce developer add the correct policy ids to in order to fix the error caused by violating the Content Security Policy directive?

csp_whitelist.xml

What is the purpose of the Content Security Policy (CSP)?

To prevent cross-site scripting (XSS) attacks.