Mashup Content | CSP Directive | Resolution |
---|---|---|
Widgets that embed content using direct links, such as the Web Frame widget. This widget supports embedding content in a mashup by specifying links from external sources using a URL property. | frame-src | Test all Web Frame widgets and make sure that the frame-src directive does not block the URL property value. Add any required URLs to the values for the CSP frame-src directive. |
Mashup items, such as widgets, functions, or containers with one or more properties that support loading images from a URL. For example, when the ImageSRC property of an Image widget is set to load an image from a URL. This option is available in the media entity picker in Mashup Builder. The following items in a mashup contain one or more properties that support loading images from a URL: • Widgets: Button Widget (Themable), Checkbox Widget (Themable), Date Time Picker Widget (Themable), Dropdown Widget (Themable), Dynamic Panel Widget (Themed), File Upload Widget (Themable), Grid Widget, Icon Widget (Themable), Image Widget (Themable), Label Widget (Themable), Radio Button Widget (Themable), Text Area Widget, Text Field Widget (Themable), Toggle Button Widget (Themable), Value Display Widget (Themable), Menu Bar Widget (Themable), Tabs Widget (Legacy), Tabs — Responsive Widget (Legacy) • Functions: Confirmation Function • Container: Flexbox Container | img-src | Review image URL values for these items and add any URLs to the img-src directive. |
Widgets that use State Definition, Style Definition, or Menu Definition entities can link to an image on an external URL. | img-src | Review Media entities used in widget style or state definitions and add any external URLs to the img-src CSP directive. |
Widgets that display data, like Grid and Value Display, may contain HTML or execute JavaScript code. Loading this type of content in a mashup requires multiple types of CSP directives. For example, when a widget displays HTML that embeds images or references objects. | All | Review any HTML code that is displayed and make sure any references align with the CSP policy. Update directives that are required to display the HTML data. |
Mashups using custom CSS may be affected when external images, fonts, or styles are referenced. By default, using the @import statement to import files that are not placed in /Thingworx/FileRepositories is blocked. | style-src, img-src, font-src | Review the Custom CSS tab of any affected mashups or style themes and update the relevant CSP directives. |
Imported extensions, such as custom widgets that contain external references to frames, images, fonts, styles, or URLs. | All | Review the external references required to load and use the extension, then update the CSP directive values to allow any required references. |

Changes to the CSP directives on the Content Security Policy Rules tab of the PlatformSystem may take up to a minute to update.
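
The review steps in the table amount to checking each external reference in a mashup against the directive that governs it. The following is an added example, not code from the product or its documentation: it takes a CSP policy string and a list of references and reports the ones the policy would block. The policy, the server origin, and all URLs are constructed sample values, and the source matching is simplified (it ignores ports and paths in source expressions).

```javascript
// Added example (not product code). Simplified CSP source matching: handles *,
// 'self', quoted keywords, scheme-sources and host-sources; ignores ports and paths.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources); // first occurrence wins
  }
  return directives;
}

const schemeOk = (want, got) => want === got || (want === 'http:' && got === 'https:');
function sourceMatches(source, url, self) {
  if (source === '*') return ['http:', 'https:'].includes(url.protocol);
  if (source === "'self'") return url.origin === self.origin;
  if (source.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces: never match a URL
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return schemeOk(source.toLowerCase(), url.protocol);
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const scheme = m[1] ? m[1].toLowerCase() + ':' : self.protocol; // schemeless: use page scheme
  if (!schemeOk(scheme, url.protocol)) return false;
  const host = m[2].toLowerCase();
  return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
}

function isAllowed(policy, directive, rawUrl, selfOrigin) {
  const directives = parsePolicy(policy);
  const chain = directive === 'frame-src'
    ? ['frame-src', 'child-src', 'default-src'] : [directive, 'default-src'];
  const name = chain.find((d) => directives.has(d));
  if (!name) return true; // no governing directive: nothing blocks the load
  const self = new URL(selfOrigin);
  const url = new URL(rawUrl, self); // relative references resolve against the server origin
  return directives.get(name).some((s) => sourceMatches(s, url, self));
}

// Constructed sample data: the origin, policy and mashup references are hypothetical.
const SELF = 'https://thingworx.example.com';
const POLICY = "default-src 'self'; frame-src 'self' https://maps.example.org; img-src 'self' *.cdn.example.net";
const REFERENCES = [
  { item: 'Web Frame URL', directive: 'frame-src', url: 'https://maps.example.org/embed' },
  { item: 'Web Frame URL', directive: 'frame-src', url: 'https://video.example.org/player' },
  { item: 'Image ImageSRC', directive: 'img-src', url: 'https://img.cdn.example.net/logo.png' },
  { item: 'Custom CSS font', directive: 'font-src', url: 'https://fonts.example.net/a.woff2' },
  { item: 'Custom CSS @import', directive: 'style-src', url: '/Thingworx/FileRepositories/css/site.css' },
];
const findBlocked = (refs, policy, selfOrigin) => refs.filter((r) => !isAllowed(policy, r.directive, r.url, selfOrigin));
console.log(findBlocked(REFERENCES, POLICY, SELF).map((r) => `${r.directive} blocks ${r.item}: ${r.url}`));
```

With the sample policy, the second Web Frame URL and the font are reported: the font has no font-src entry, so it falls back to default-src 'self'.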