How to set Content Security Policy values?

I have an app that requires users to add a user token, which it validates against the Gumroad API. But I’m seeing this error.

Airtable has a document that introduces the new security policy New: tighter security and network access option for marketplace apps, but it doesn’t actually say how to make sure your app supports the new policy.

Is it as simple as setting the Content Security Policy header to include https://api.gumroad.com/v2/licenses/verify?

@Fred_Zhao do you have any insight into this?

This topic was solved and automatically closed 15 days after the last reply. New replies are no longer allowed.

Hi James, sorry for the late reply!

  1. Fixing: I just updated our internal config for Field Validator to be “Allow network access”. This should fix the content security error now.

  2. Declaring network access: I really appreciated your point above, “it doesn’t actually say how to make sure your app supports the new policy.” This is a combination of testing using the developer tooling (see next point) and also letting us know when publishing your app that it requires network access. I’ll check with our team on making this latter point clearer.

  3. Developer tooling: You mentioned that this behavior doesn’t cause problems during development. That’s working as intended, which unfortunately makes development easier but also more surprising when you’re ready to publish. I highly recommend checking out the developer tool for simulating a published production app: New: tighter security and network access option for marketplace apps Hopefully that can help you catch this for this and future apps!

This topic was solved and automatically closed 3 days after the last reply. New replies are no longer allowed.