
Required CSP rules for Facebook login

Which are the required rules to allow a Facebook login?

I currently allow these:

defaultSrc: ["'self'",
             '*.facebook.com',
             '*.akamaihd.net'],
scriptSrc: ["'self'",
            '*.facebook.com',
            '*.akamaihd.net',
            "'unsafe-inline'",
            "'unsafe-eval'"],
frameSrc: ["'self'",
           '*.facebook.com',
           '*.akamaihd.net'],
styleSrc: ["'self'",
           "'unsafe-inline'"],
imgSrc: ["'self'",
         '*.akamaihd.net',
         '*.facebook.com']
Maxime asked Oct 06 '14 14:10


1 Answer

I'm using just

{
  'default-src': "'none'",
  'script-src': "'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net",
  'connect-src': "'self'",
  'img-src': "'self' www.facebook.com",
  'style-src': "'self' 'unsafe-inline'",
  'frame-src': "s-static.ak.facebook.com static.ak.facebook.com www.facebook.com",
}

but I'm not sure if there's anything missing. I don't think you'll need to allow *.akamaihd.net since this is just the CDN Facebook uses, and it is not required for Facebook Login.

Gustavo Siqueira answered Dec 15 '22 01:12
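As an added example (not code from the question or the answer), the JavaScript below serializes the answer's directive map into a Content-Security-Policy header value and checks which resources of an assumed Facebook Login flow the policy permits (SDK script from connect.facebook.net, login dialog framed from www.facebook.com, an image from static.ak.facebook.com; the URLs are constructed, and the page origin https://example.com is a placeholder), so a gap such as an image host missing from img-src surfaces before deployment. Host-source matching is simplified relative to the CSP specification.

```javascript
// Added example (not the question's or the answer's code): build the header
// value from the answer's directive map and check which resources it permits.
const policy = {
  'default-src': "'none'",
  'script-src': "'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net",
  'connect-src': "'self'",
  'img-src': "'self' www.facebook.com",
  'style-src': "'self' 'unsafe-inline'",
  'frame-src': "s-static.ak.facebook.com static.ak.facebook.com www.facebook.com",
};
// Serialize to the Content-Security-Policy header value.
function serialize(directives) {
  return Object.entries(directives).map(([k, v]) => `${k} ${v}`).join('; ');
}
// Match one source expression against a URL. Simplified host-source rules:
// no scheme in the token accepts http or https, no port ignores the port,
// and keyword sources such as 'unsafe-inline' never match a URL.
function sourceMatches(token, url, self) {
  if (token === "'self'") return url.origin === self.origin;
  if (token === '*') return /^https?:$/.test(url.protocol);
  if (token.startsWith("'")) return false;
  const m = /^(?:([a-z][\w+.-]*):\/\/)?(\*\.)?([^:/]+)(?::(\d+))?$/i.exec(token);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && `${scheme.toLowerCase()}:` !== url.protocol) return false;
  if (port && port !== url.port) return false;
  const h = url.hostname.toLowerCase(), want = host.toLowerCase();
  return wildcard ? h.endsWith(`.${want}`) : h === want;
}
// Is `resource` allowed under `directive`? Fetch directives fall back to
// default-src when absent (frame-src's child-src step is omitted here).
function allows(directives, directive, resource, pageOrigin) {
  const value = directives[directive] ?? directives['default-src'] ?? '*';
  const url = new URL(resource), self = new URL(pageOrigin);
  return value.split(/\s+/).some((t) => sourceMatches(t, url, self));
}
// Constructed [directive, URL] pairs for an assumed Facebook Login flow:
// the SDK script, the framed login dialog, an image from the CDN host.
const resources = [
  ['script-src', 'https://connect.facebook.net/en_US/sdk.js'],
  ['frame-src', 'https://www.facebook.com/v2.1/dialog/oauth'],
  ['img-src', 'https://static.ak.facebook.com/logo.png'],
];
// Return the pairs the policy would block, so gaps show before deployment.
function blockedResources(directives, pageOrigin, list = resources) {
  return list.filter(([d, u]) => !allows(directives, d, u, pageOrigin));
}
console.log(serialize(policy));
console.log(blockedResources(policy, 'https://example.com'));
```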