Content Security Policy (CSP)
A Content Security Policy (CSP) is an extra layer of security that allows you to control the resources a user agent, such as a web browser, is allowed to load for a given page. CSPs use directives to describe the policies for a certain resource type.
The monetization-src fetch directive allows you to define the payment pointer and wallet address URLs that a browser can load. If an attempt is made to load an undefined URL, a network error will occur and the URL will not load.
| CSP Version | 3 |
|---|---|
| Directive | monetization-src |
| Directive type | Fetch directive |
Syntax
```http
Content-Security-Policy: monetization-src <value>;
Content-Security-Policy: monetization-src <value> <value>;
```
Where <value> is a payment pointer or wallet address URL that's allowed to load. Multiple values are separated by spaces.
```http
Content-Security-Policy: monetization-src https://example.com;
```
Example
Your wallet address is https://wallet.example.com/alice. You want to ensure that no other URLs can be loaded.
You configure your web server to return the following Content-Security-Policy HTTP header on each applicable page of your website.
```http
Content-Security-Policy: monetization-src https://wallet.example.com/alice;
```
A bad actor injects their wallet address into your site.
```html
<link rel="monetization" href="https://example.org/damien">
```
However, fetches for the injected URL will return a network error and not load because the URL doesn't match what you've defined in your CSP.
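The check below is an added example, not code from the Web Monetization documentation: it models, in simplified form, how a monetization-src source list is matched against the href of a monetization link tag, using the header and URLs from the example above. The function names are hypothetical, only full URL sources are handled, and fallback to other directives is not modelled.

```javascript
// Added example, not from the Web Monetization docs. Simplified: only full URL
// sources (scheme://host[:port][/path]) match; keywords and wildcards never do.

// Return the source list of `name` in one policy, or null if absent.
function getDirective(policy, name) {
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

// Origins must be equal. A source path ending in "/" is a prefix match;
// any other source path must equal the target path exactly.
function sourceMatches(source, target) {
  let src;
  try { src = new URL(source); } catch { return false; }
  if (src.origin !== target.origin) return false;
  if (src.pathname.endsWith("/")) return target.pathname.startsWith(src.pathname);
  return target.pathname === src.pathname;
}

// A header may carry several comma-separated policies; every policy that
// defines monetization-src must allow the URL. No fallback is modelled.
function monetizationAllowed(cspHeader, url) {
  let target;
  try { target = new URL(url); } catch { return false; }
  return cspHeader.split(",").every((policy) => {
    const sources = getDirective(policy, "monetization-src");
    return sources === null || sources.some((s) => sourceMatches(s, target));
  });
}

// List hrefs of <link rel="monetization"> tags in `html` that the policy blocks.
function blockedMonetizationLinks(html, cspHeader) {
  const blocked = [];
  for (const tag of html.match(/<link\b[^>]*>/gi) || []) {
    const rel = /\brel\s*=\s*["']([^"']*)["']/i.exec(tag);
    const href = /\bhref\s*=\s*["']([^"']*)["']/i.exec(tag);
    if (!rel || !href || !/\bmonetization\b/i.test(rel[1])) continue;
    if (!monetizationAllowed(cspHeader, href[1])) blocked.push(href[1]);
  }
  return blocked;
}

// Constructed sample input: the header and URLs from the example above.
const csp = "monetization-src https://wallet.example.com/alice;";
const page = `<link rel="monetization" href="https://wallet.example.com/alice">
<link rel="monetization" href="https://example.org/damien">`;
console.log(blockedMonetizationLinks(page, csp));
```

Running a check like this over rendered pages in CI flags monetization links that the deployed policy would block, including a legitimate wallet address that was changed without updating the header.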
Specifications
| Specification |
|---|
| Web Monetization #content-security-policy |