If using a Content Security Policy, then additional configuration is required for supporting the Scandit SDK. Add the required directives:
{
"key": "Content-Security-Policy",
"value": "default-src 'self' blob: data:; worker-src 'self' blob: data: https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:;connect-src 'self' https://*.scandit.com; img-src 'self' data: blob:; style-src 'self' 'unsafe-inline'"
}Depending on the external Scandit Engine library location (engineLocation option), the following directives must also be set, in combination with existing ones.
- If the library is loaded from the same website:
script-src 'self';
connect-src 'self';
- If the library is loaded from a different website:
script-src example.com;
connect-src example.com;