Allowing access to all Disqus resources

Aug 6, 2018 00:00 · 119 words · 1 minute read

In this post we will see how we can allowing access to all Disqus resources when you have a Content Security Policy header in your web application.

To have a secured web application, you have to add some HTTP headers with security policies, ref

And if you are using Disqus in your web application, Disqus will not be loaded when your app it’s deployed and you should see an error in the console like:

Refused to frame '' because it violates the following Content Security Policy directive: "frame-src 'self' ...

For resolving this issue, you have to add some url’s to configure here:

As shown below.

<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline' https://* https://* ;">