Re: Allow all subdomains in Content Security Polic... - Qlik Community

GuilhermeSchneider · ‎2022-03-02

Hello,

We making an app that shows instagram images, i'm having trouble because the Image Links keep changing, especially the subdomains. I would need to allow all subdomains of https://www.cdninstagram.com .

I tried *.cdninstagram.com (image attached) but its says that have invalid characters.

Does anyone know how to release all subdomains in Content Security Policy?

Akshesh_Patel · ‎2022-03-02

Hi,

I think Qlik SaaS will consider '*' as an invalid character because it only supports the address of the origin in the following format: domain.com.

Example 5 from this docs might help : https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP#examples_common_use_cases

Regards,

GuilhermeSchneider · ‎2022-03-02

But in the example 5 he allows every domain that have images, i want to do that in the same way but only for certain domains.

If I add: scontent-iad3-1.cdninstagram.com (The subdomain that is currently been used to storage my pages images in Instagram) it works but in time to time this subdomain change, for example to: scontent-atl3-2.cdninstagram.com than the images stop working.

Thats why i would need the '*' before domain.com.

This is a limitation of CSP and the only way that i can use this images is keep adding new subdomains that will appear?

GuilhermeSchneider · ‎2022-03-09

Somebody else is having the same problem?

I need to keep monitoring when the URL's change and add it to the content security policy.

Like for example these facebook URL's:

scontent-dfw5-1.xx.fbcdn.net

scontent-lga3-2.xx.fbcdn.net

scontent-dfw5-2.xx.fbcdn.net

Shouldn't there be a '*' option for all subdomains?

Regards,

Allow all subdomains in Content Security Policy

General Question

Qlik Cloud Data Integration