SAP Knowledge Base Article - Public

3078874 - Custom Plugin Not Working When Content Security Policy (CSP) is enabled - Recruiting Marketing

Symptom

Custom Plugin is not appearing when CSP is enabled from the Career Site Builder end.

Environment

SAP SuccessFactors Recruiting Marketing

Reproducing the Issue

1. Go to CSB > Settings

2. Data Privacy & Security Settings > Content Security Policy > Enable this feature

3. Go to respective career site > The custom plugin will not load

Cause

The following domains inside the custom plugin is not part of the allowed list in the Content Security Policy settings.

Resolution

In order to verify the following domains in the custom plugin the user can do the following:

1. From the career site > Click on F12 or developer tools;

2. Check the console tab > Verify the URL being blocked by the Content Security Policy header (you will find a red message with the word Refused)

3. Add only the domain part of the URL (e.g. https://www.example.com and not https://www.example.com/...) in the Content Security Policy configuration within Career Site Builder.

See Also

3044364 - Enabling Content Security Policy for RMK Site - Recruiting Marketing

3069320 - Removing of unsafe-* information in Content Security Policy (CSP) header - Recruiting Marketing

Keywords

Recruiting Marketing, Content Security Policy, Custom Plugin, CSB, console , KBA , LOD-SF-RMK-CSB , Career Site Builder , LOD-SF-RMK-SEC , Security & Vulnerabilities , Problem

Product

SAP SuccessFactors Recruiting all versions