When embedding the Smart UI into your application, take the following Content Security Policy (CSP) settings into account.
FrankieOne Content Security Policy
<meta http-equiv="Content-Security-Policy" content="
  default-src 'self' *.frankiefinancial.io;
  style-src 'self' fonts.googleapis.com;
  font-src 'self' fonts.gstatic.com;
  script-src 'self' maps.googleapis.com;
  report-uri *.ingest.sentry.io *.clarity.ms;
  img-src 'self' assets.frankiefinancial.io sync.onfido.com data:;
  connect-src blob: *.onfido.com wss://*.onfido.com;
" />
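A gap check for integrators who already ship their own CSP, as an added example that is not FrankieOne's code: it parses the host page's policy and lists, per directive, which sources from the policy above are missing. The function names, the exact-match comparison and the sample host policy are assumptions made for illustration.

```javascript
// Sources from the FrankieOne policy on this page (fetch directives only;
// report-uri is a reporting directive, not a fetch directive, so it is not checked).
const REQUIRED = {
  'default-src': ["'self'", '*.frankiefinancial.io'],
  'style-src': ["'self'", 'fonts.googleapis.com'],
  'font-src': ["'self'", 'fonts.gstatic.com'],
  'script-src': ["'self'", 'maps.googleapis.com'],
  'img-src': ["'self'", 'assets.frankiefinancial.io', 'sync.onfido.com', 'data:'],
  'connect-src': ['blob:', '*.onfido.com', 'wss://*.onfido.com'],
};

// Parse a serialized policy into Map<directive name, source list>.
// Directive names are case-insensitive; a repeated directive is ignored (first one wins).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return { directive: [missing sources] } for a host page's policy.
// Assumption: sources are compared as exact strings, so a broader source the
// host already allows (for example https:) is reported and needs manual review.
function missingSources(hostPolicy) {
  const host = parseCsp(hostPolicy);
  const gaps = {};
  for (const [directive, needed] of Object.entries(REQUIRED)) {
    // A fetch directive that is absent falls back to default-src.
    const effective = host.get(directive) ?? host.get('default-src');
    if (effective === undefined) continue; // host policy does not restrict this directive
    const allowed = new Set(effective.map((s) => s.toLowerCase()));
    const missing = needed.filter((s) => !allowed.has(s.toLowerCase()));
    if (missing.length) gaps[directive] = missing;
  }
  return gaps;
}

// Constructed sample: a host application's existing policy.
const sampleHostPolicy =
  "default-src 'self'; script-src 'self' maps.googleapis.com; img-src 'self' data:";
console.log(missingSources(sampleHostPolicy));
```

Directives reported only because of the default-src fallback (here style-src, font-src and connect-src) can be fixed by adding the explicit directive rather than widening default-src.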
Onfido Content Security Policy
When using the Smart UI with the biometrics component turned on/configured, you will also need to take into account Onfido's Content Security Policy requirements, which can be found in their documentation: https://documentation.onfido.com/sdk/web/#content-security-policy-issues
Any page that hosts the Smart UI should allow a referrer to be sent, as it is required for Onfido API requests.
Alternatively, if you would like to keep the no-referrer header setting, you can update your implementation to pass in the referrer when getting the token, which we can then use to pass the information to Onfido. Please see our documentation, available here: https://apidocs.frankiefinancial.com/docs/getting-started