Content Security Policy (CSP) is a set of security rules that helps to prevent data injection, cross-site scripting (XSS) and click-jacking on user interfaces such as the TAP Page. CSP defines the sources from which resources can be used.
Without CSP, malicious actors could deface your TAP Page or enable other content to be shown inside the iframe.
With CSP, we only allow your TAP Page to be accessed from pre-defined domain names.
What do you need to do?
- Go to the TAP Page settings section of your TAP dashboard
- Enter the domain at which your TAP Page will sit, for example 'https://universityname.edu' or 'https://universityname.ac.uk'
3. Click 'save'
4. Embed your TAP Page on a web page at the defined domain. Your TAP Page can only be loaded from the domain(s) specified in the dashboard.
If you have any questions at all, please get in touch via: email@example.com 😊