Help

How to set Content Security Policy values?

Topic Labels: Custom Extensions
Solved
Jump to Solution
992 2
cancel
Showing results for 
Search instead for 
Did you mean: 
James_Timmins
5 - Automation Enthusiast
5 - Automation Enthusiast

I have an app that requires users to add a user token, which it validates against the Gumroad API. But I’m seeing this error.

image

Airtable has a document that introduces the new security policy New: tighter security and network access option for marketplace apps, but it doesn’t actually say how to make sure your app supports the new policy.

Is it as simple as setting the Content Security Policy header to include https://api.gumroad.com/v2/licenses/verify?

1 Solution

Accepted Solutions
Fred_Zhao
Airtable Employee
Airtable Employee

Hi James, sorry for the late reply!

  1. Fixing: I just updated our internal config for Field Validator to be “Allow network access”. This should fix the content security error now.

  2. Declaring network access: I really appreciated your point above, “it doesn’t actually say how to make sure your app supports the new policy.” This is a combination of testing using the developer tooling (see next point) and also letting us know when publishing your app that it requires network access. I’ll check with our team on making this latter point clearer.

  3. Developer tooling: You mentioned that this behavior doesn’t cause problems during development. That’s working as intended, which unfortunately makes development easier but also more surprising when you’re ready to publish. I highly recommend checking out the developer tool for simulating a published production app: New: tighter security and network access option for marketplace apps Hopefully that can help you catch this for this and future apps!

See Solution in Thread

2 Replies 2
James_Timmins
5 - Automation Enthusiast
5 - Automation Enthusiast

@Fred_Zhao do you have any insight into this?

Fred_Zhao
Airtable Employee
Airtable Employee

Hi James, sorry for the late reply!

  1. Fixing: I just updated our internal config for Field Validator to be “Allow network access”. This should fix the content security error now.

  2. Declaring network access: I really appreciated your point above, “it doesn’t actually say how to make sure your app supports the new policy.” This is a combination of testing using the developer tooling (see next point) and also letting us know when publishing your app that it requires network access. I’ll check with our team on making this latter point clearer.

  3. Developer tooling: You mentioned that this behavior doesn’t cause problems during development. That’s working as intended, which unfortunately makes development easier but also more surprising when you’re ready to publish. I highly recommend checking out the developer tool for simulating a published production app: New: tighter security and network access option for marketplace apps Hopefully that can help you catch this for this and future apps!