Content Security Policy

If CSP is enabled for your site you will need to add policy directives depending on which features of UserKit you have enabled.

Below are the default policy directives required:

style-src https://widget.userkit.io;
script-src https://widget.userkit.io;
img-src https://widget.userkit.io;

If you have Google Sign-in enabled, you will need the following directives:

style-src 'unsafe-inline' https://accounts.google.com;
script-src https://www.gstatic.com https://accounts.google.com;
frame-src https://accounts.google.com;
img-src https://*.googleusercontent.com;

If you have ReCAPTCHA enabled, you will need the following directives:

frame-src https://www.google.com/recaptcha/;
script-src https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;