Content Security Policy

2.8 Content Security Policy in Weaverse, how it is automatically configured, and the ability to customize policies for your unique needs

The Weaverse Team avatar
Written by The Weaverse Team
Updated over a week ago

Understanding Content Security Policy

Content Security Policy (CSP) is a vital security feature implemented by modern web browsers. It defines and enforces a set of content restrictions for web pages. Essentially, CSP acts as a protective barrier, allowing you to specify which external resources and scripts your web page can load and execute.

Weaverse's Automatic CSP Setup

In Weaverse, the implementation of CSP is handled automatically using the createContentSecurityPolicy utility from the @shopify/hydrogen package within the entry.server.jsx file:

Customizing CSP Policies

The default CSP policies used by Weaverse are returned from the getWeaverseCsp function. These policies include directives that allow the loading of Weaverse resources and enable seamless operation within Weaverse Studio.

If your development scenario requires customization, you can easily tailor the CSP policies to your specific needs. To do this, update the getWeaverseCsp function to return custom directive values. You can refer to resources like for guidance on defining your custom CSP directives.

Did this answer your question?