Overview
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. If you are running into an issue with your CSP, you may need to adjust it to allow our product.
This article outlines the minimum required directives to give Feedback full functionality. If you need to enable CSP for Pendo’s Insights & Guidance platform, head here.
Minimum Required Directives
Note: Replace all occurrences of foo.example.com below with your appropriate hostname. You may include https:// before any hostnames if desired.
Minimum Required CSP Directives For US/Worldwide Non-EU Clients:
Full functionality including embedding Feedback in the Pendo Resource Center
connect-src foo.example.com api.feedback.us.pendo.io
frame-src foo.example.com portal.feedback.us.pendo.io
Minimum requirements for Feedback to function
connect-src foo.example.com api.feedback.us.pendo.io
Minimum Required CSP Directives For EU Clients:
Full functionality including embedding Feedback in the Pendo Resource Center
connect-src foo.example.com api.feedback.eu.pendo.io
frame-src foo.example.com portal.feedback.eu.pendo.io
Minimum requirements for Feedback to function
connect-src api.feedback.eu.pendo.io
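To confirm that a policy you already serve permits the Feedback hosts listed above, the following added example (not Pendo code) parses a Content-Security-Policy header value and reports which of those hosts it would block. It assumes the standard CSP fallback behaviour (connect-src falls back to default-src; frame-src falls back to child-src, then default-src); the function names and sample headers are hypothetical.

```python
# Added example, not Pendo code. Hostnames are the ones listed on this page.
REQUIRED = {
    "us": {"connect-src": "api.feedback.us.pendo.io",
           "frame-src": "portal.feedback.us.pendo.io"},
    "eu": {"connect-src": "api.feedback.eu.pendo.io",
           "frame-src": "portal.feedback.eu.pendo.io"},
}
# A directive missing from the policy defers to these, in order.
FALLBACK = {"connect-src": ["default-src"],
            "frame-src": ["child-src", "default-src"]}


def parse_csp(header):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def source_allows(source, host):
    """True if one source expression permits https://<host> on port 443."""
    source = source.lower()
    if source in ("*", "https:", "http:"):
        return True
    if source.startswith("'"):            # 'self', 'none' and other keywords
        return False
    scheme, sep, rest = source.partition("://")
    if sep and scheme not in ("http", "https"):
        return False
    name, _, port = (rest if sep else source).split("/", 1)[0].partition(":")
    if port not in ("", "443", "*"):
        return False
    if name.startswith("*."):             # wildcard covers subdomains only
        return host.endswith(name[1:])
    return name == host


def missing_sources(header, region, embed=True):
    """List (directive, host) pairs from this page that the policy would block."""
    policy = parse_csp(header)
    missing = []
    for directive, host in REQUIRED[region].items():
        if directive == "frame-src" and not embed:
            continue                      # frame-src is only needed for Resource Center embedding
        chain = [directive] + FALLBACK[directive]
        governing = next((d for d in chain if d in policy), None)
        # No governing directive means the fetch type is unrestricted.
        if governing and not any(source_allows(s, host) for s in policy[governing]):
            missing.append((directive, host))
    return missing
```

Pass embed=False when Feedback is not embedded in the Pendo Resource Center, so that only the connect-src requirement is checked.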