Skip to main content
Announcements
A fresh, new look for the Data Integration & Quality forums and navigation! Read more about what's changed.
cancel
Showing results for 
Search instead for 
Did you mean: 
GuilhermeSchneider
Contributor II

Allow all subdomains in Content Security Policy

Hello,

We making an app that shows instagram images, i'm having trouble because the Image Links keep changing, especially the subdomains. I would need to allow all subdomains of https://www.cdninstagram.com .

I tried *.cdninstagram.com (image attached) but its says that have invalid characters.

Does anyone know how to release all subdomains in Content Security Policy?

 

Labels (2)
3 Replies
Akshesh_Patel
Support

Hi,

I think Qlik SaaS will consider '*' as an invalid character because it only supports the address of the origin in the following format: domain.com.

Example 5 from this docs might help : https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP#examples_common_use_cases

 

Regards,

 

GuilhermeSchneider
Contributor II
Author

But in the example 5 he allows every domain that have images, i want to do that in the same way but only for certain domains.

If I add: scontent-iad3-1.cdninstagram.com (The subdomain that is currently been used to storage my pages images in Instagram) it works but in time to time this subdomain change, for example to: scontent-atl3-2.cdninstagram.com than the images stop working. 

Thats why i would need the '*' before domain.com.

This is a limitation of CSP and the only way that i can use this images is keep adding new subdomains that will appear?

 

GuilhermeSchneider
Contributor II
Author

Somebody else is having the same problem?

I need to keep monitoring when the URL's change and add it to the content security policy.

Like for example these facebook URL's:

scontent-dfw5-1.xx.fbcdn.net

scontent-lga3-2.xx.fbcdn.net

scontent-dfw5-2.xx.fbcdn.net

 

Shouldn't there be a '*' option for all subdomains?

 

Regards,