Allowing access to all Disqus resources

Aug 6, 2018 00:00 · 119 words · 1 minute read

In this post we will see how we can allowing access to all Disqus resources when you have a Content Security Policy header in your web application.

To have a secured web application, you have to add some HTTP headers with security policies, ref https://content-security-policy.com/.

And if you are using Disqus in your web application, Disqus will not be loaded when your app it’s deployed and you should see an error in the console like:

Refused to frame 'https://disqus.com/' because it violates the following Content Security Policy directive: "frame-src 'self' ...

For resolving this issue, you have to add some url’s to configure here:

https://disqus.com
https://*.disqus.com
https://*.disquscdn.com

As shown below.

<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline' https://disqus.com https://*.disqus.com https://*.disquscdn.com ;">