How to set up CSP (Content Security Policy) to work with Web SDK?

If your website makes use of Content Security Policy (, then additional configuration is needed in order to make the WebSDK work correctly.The following directives must be present:
script-src 'unsafe-eval';
connect-src https://* https://*;
img-src data:;
child-src blob:;
worker-src blob:;
Depending on the external Scandit Engine library location (engineLocation option), the following directives must also be set, in combination with existing ones.
If the library is loaded from the same website:
script-src 'self';
connect-src 'self';
If the library is loaded from a different website:


Was this article helpful?
0 out of 3 found this helpful
Have more questions? Submit a request