CSP & Domains
Websites that use Content Security Policy (CSP) might not allow default access to domains managed by Fanplayr which are required for its various services and features to function correctly.
This page documents the CSP directives needed to enable Fanplayr's full functionality and is split into two guides, for Simple and Advanced CSP configurations.
Simple CSP configuration
Use the details in this section if your website uses a simple configuration that only makes use of the default-src CSP directive.
If your website allows wildcard domain values:
The following values for the default-src directive will be enough to enable all Fanplayr services:
Note, the unsafe-inline keyword value is required for Fanplayr widgets.
If your website does NOT allow wildcard domain values:
You will need to list each domain used by Fanplayr individual in the default-src directive to enable all services:
Note, the unsafe-inline keyword value is required for Fanplayr widgets.
Advanced CSP configuration
Use this guide if your website uses more than just the default-src CSP directive. As your website uses other more specific directives, you will need to allow access to Fanplayr's domains for multiple directives to enable all services.
Each of the sections below describe a CSP directive and the most specific values needed for Fanplayr to operate correct. If your website allows wildcard domains, many of the values can be shortened to *.fanplayr.com.
script-src
Note, the unsafe-inline keyword value is required for Fanplayr widgets.
style-src
Note, the unsafe-inline keyword value is required for Fanplayr widgets.
img-src
connect-src
Domain List
The following briefly outlines the primary purpose of each Fanplayr-managed domain: