Help

How to set Content Security Policy values?

Topic Labels: Custom Extensions
Solved
Jump to Solution
1885 2
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
James_Timmins
5 - Automation Enthusiast
5 - Automation Enthusiast
See Solution in Thread

‎Jun 01, 2022 01:34 PM

I have an app that requires users to add a user token, which it validates against the Gumroad API. But I’m seeing this error.

image

Airtable has a document that introduces the new security policy New: tighter security and network access option for marketplace apps, but it doesn’t actually say how to make sure your app supports the new policy.

Is it as simple as setting the Content Security Policy header to include https://api.gumroad.com/v2/licenses/verify?

0 Kudos
Reply
1 Solution

Accepted Solutions
Fred_Zhao
Airtable Employee
Airtable Employee
Solved See Solution in Thread

‎Jun 17, 2022 02:56 PM

Hi James, sorry for the late reply!

  1. Fixing: I just updated our internal config for Field Validator to be “Allow network access”. This should fix the content security error now.

  2. Declaring network access: I really appreciated your point above, “it doesn’t actually say how to make sure your app supports the new policy.” This is a combination of testing using the developer tooling (see next point) and also letting us know when publishing your app that it requires network access. I’ll check with our team on making this latter point clearer.

  3. Developer tooling: You mentioned that this behavior doesn’t cause problems during development. That’s working as intended, which unfortunately makes development easier but also more surprising when you’re ready to publish. I highly recommend checking out the developer tool for simulating a published production app: New: tighter security and network access option for marketplace apps Hopefully that can help you catch this for this and future apps!

See Solution in Thread

0 Kudos
Reply
2 Replies 2
James_Timmins
5 - Automation Enthusiast
5 - Automation Enthusiast
See Solution in Thread

‎Jun 01, 2022 01:34 PM

@Fred_Zhao do you have any insight into this?

0 Kudos
Reply
Fred_Zhao
Airtable Employee
Airtable Employee
Solved See Solution in Thread

‎Jun 17, 2022 02:56 PM

Hi James, sorry for the late reply!

  1. Fixing: I just updated our internal config for Field Validator to be “Allow network access”. This should fix the content security error now.

  2. Declaring network access: I really appreciated your point above, “it doesn’t actually say how to make sure your app supports the new policy.” This is a combination of testing using the developer tooling (see next point) and also letting us know when publishing your app that it requires network access. I’ll check with our team on making this latter point clearer.

  3. Developer tooling: You mentioned that this behavior doesn’t cause problems during development. That’s working as intended, which unfortunately makes development easier but also more surprising when you’re ready to publish. I highly recommend checking out the developer tool for simulating a published production app: New: tighter security and network access option for marketplace apps Hopefully that can help you catch this for this and future apps!

0 Kudos
Reply
Copyright © 2024 Khoros, LLC