Content security policies (CSP)
The web library loads images, stylesheets, datasets, and JavaScript from DataWollet's servers and CDN to function. It also makes requests to the Open Finance API to process sources.
If you use Content-Security-Policy or Content-Security-Policy-Report-Only headers then please add the URL prefixes specified below to ensure the web library is not blocked or generating false reports.
The sandbox API and production API may or may not be required depending on which environment you are configuring.
| Policy directive | URL prefixes |
|---|---|
connect-src | https://api.datawollet.com https://api.sandbox.datawollet.com https://schema.datawollet.com |
img-src | https://cdn.datawollet.com |
script-src or script-src-elem | https://cdn.datawollet.com |
style-src or style-src-elem | https://cdn.datawollet.com |