Content Security Policy
This feature is available since Bloomreach Experience Manager 15.0.0.
The most impactful CSP rules relate to which domains are allowed to be used in elements such as <iframe>, <script> and <style>. This will affect Open UI extensions in particular. Developers will have to manually add such domains to the CSP configuration, which is located in the repository at:
We currently support the following CSP directives to be configured: