In your browser console, you might see error messages such as:
You are seeing messages like this because WildApricot is taking the first steps in implementing Content Security Policy (CSP), a security standard introduced by browsers as an added layer of protection to prevents certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.
CSP works by detecting calls to external URLs then comparing those calls against a whitelist of verified and approved sites. Calls to sites not on the whitelist are blocked.
The first step in implementing CSP in WildApricot is to begin collecting a whitelist of legitimate external URLs called by WildApricot sites. The messages displayed in browser consoles simply confirm that we are collecting this information from your site.
In the future, we will take the next step of blocking calls to external URLs not included in our whitelist. Administrators of WildApricot sites will be able to append their own whitelist to allow additional external URLs.
For more information on CSP, click here.
