topic Re: Allow all subdomains in Content Security Policy in Data Movement & Streaming

Allow all subdomains in Content Security Policy

GuilhermeSchneider — Wed, 19 Mar 2025 23:08:30 GMT

Hello,

We making an app that shows instagram images, i'm having trouble because the Image Links keep changing, especially the subdomains. I would need to allow all subdomains of https://www.cdninstagram.com .

I tried *.cdninstagram.com (image attached) but its says that have invalid characters.

Does anyone know how to release all subdomains in Content Security Policy?

Re: Allow all subdomains in Content Security Policy

Akshesh_Patel — Wed, 02 Mar 2022 15:15:45 GMT

Hi,

I think Qlik SaaS will consider '*' as an invalid character because it only supports the address of the origin in the following format: domain.com.

Example 5 from this docs might help : https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP#examples_common_use_cases

Regards,

Re: Allow all subdomains in Content Security Policy

GuilhermeSchneider — Wed, 02 Mar 2022 16:20:15 GMT

But in the example 5 he allows every domain that have images, i want to do that in the same way but only for certain domains.

If I add: scontent-iad3-1.cdninstagram.com (The subdomain that is currently been used to storage my pages images in Instagram) it works but in time to time this subdomain change, for example to: scontent-atl3-2.cdninstagram.com than the images stop working.

Thats why i would need the '*' before domain.com.

This is a limitation of CSP and the only way that i can use this images is keep adding new subdomains that will appear?

Re: Allow all subdomains in Content Security Policy

GuilhermeSchneider — Wed, 09 Mar 2022 20:02:55 GMT

Somebody else is having the same problem?

I need to keep monitoring when the URL's change and add it to the content security policy.

Like for example these facebook URL's:

scontent-dfw5-1.xx.fbcdn.net

scontent-lga3-2.xx.fbcdn.net

scontent-dfw5-2.xx.fbcdn.net

Shouldn't there be a '*' option for all subdomains?

Regards,