Consultation : Do you use the Remote CSP Allow List? #258
GeekInTheNorth started this conversation in Polls
Reason for Consultation:
At some point in the near future, a refactoring of the Stott Security module will be taking place to split functionality to support both Optimizely SAAS CMS and Optimizely PAAS CMS. As part of this, I am looking at functionality that has been built, but I suspect is not being used.
Remote CSP Allow List Functionality
The Remote CSP Allow List was added to support agencies with dedicated Data Teams that would inject common tooling through GTM into websites for multiple clients. This would allow a JSON file to be hosted somewhere with a fixed list of CSP Sources and the directives they could be applied to in the CSP in all of their implementations. This would allow a team that commonly uses Hotjar to not need to log into the CMS and add Hotjar to the CSP for their clients, as this would be automatically added upon detection.
This functionality has not been used within the agencies I have worked with. The impact of removing it is negligible, and it would remove one extra function for refactoring as well as making the internal reporting APIs more responsive. To help me make this decision, please review and respond to the Poll below.