fix: updating csp (#95)

Basis-Theory · Apr 6, 2023 · 784f0a0 · 784f0a0 · vercel · Apr 6, 2023
1 parent 2d90f9b
commit 784f0a0
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/docs/sdks/web/javascript/content-security-policy.mdx b/docs/sdks/web/javascript/content-security-policy.mdx
@@ -4,13 +4,13 @@ import { Alert, Alerts } from "@site/src/components/shared/Alert";
 
 If you have a [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) deployed in your website, you must include the following directives:
 
-- `script-src` - _https://js.basistheory.com_
-- `frame-src` - _https://elements.basistheory.com_
+- `script-src` - _https://*.basistheory.com_
+- `frame-src` - _https://*.basistheory.com_
 
 ```html showLineNumbers title="CSP"
 <head>
   <meta http-equiv="Content-Security-Policy"
-    content="frame-src https://elements.basistheory.com; script-src https://js.basistheory.com" />
+    content="frame-src https://*.basistheory.com; script-src https://*.basistheory.com" />
 </head>
 ```
 
@@ -42,7 +42,7 @@ The setup above is recommended to avoid errors similar to these:
 </Alert>
 
 <Alert type={Alerts.WARNING}>
-  Refused to frame 'https://elements.basistheory.com/' because it violates the following Content Security Policy directive: (...). Note that 'frame-src' was not explicitly set, so (...) is used as a fallback.
+  Refused to frame 'https://js.basistheory.com/' because it violates the following Content Security Policy directive: (...). Note that 'frame-src' was not explicitly set, so (...) is used as a fallback.
 </Alert>
 
 <Alert type={Alerts.WARNING}>