When embedding the Smart UI into your applications, below are the CSP policies that need to be taken into account, in case you use CSP restrictions.
FrankieOne Content Security Policy
<meta http-equiv="Content-Security-Policy" content=" default-src 'self' *.frankiefinancial.io; style-src 'self' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; script-src 'self' maps.googleapis.com; report-uri *.ingest.sentry.io *.clarity.ms; img-src 'self' assets.frankiefinancial.io sync.onfido.com data:; connect-src blob: *.onfido.com wss://*.onfido.com; " />
When using the smart UI with the idScanVerification option turned on, you'll also need to take into account Onfido's Content security policies which can be found in their documentation https://documentation.onfido.com/sdk/web/#content-security-policy-issues
If the disableThirdPartyAnalytics option is not set to true, then you also need to add policies for Hotjar, as specified in their documentation
For the Smart UI only, this is just a recommendation, but in case you wish to enable idScanVerification and use Onfido, they require referrer header to be available.
Updated 3 months ago