CSP Configuration

Do you utilize a CSP? Here's some directives to add in order to mantain a correct configuration of the banner:

Connect-src directive

The following sources should be added to this directive:
  • "https://cns.elmobot.eu/" , in order to allow Elmo to save user-given consent inside the consent registry.
  • "https://www.privacylab.it", in order to allow the banner to show Privacylab's privacy policy to the navigator

Script-src directive

The following sources should be added to this directive:
  • "https://bnr.elmobot.eu/", to allow the banner to be shown to the user, and to keep it updated.

(Optional) Style-src directive

This directive is usually only applied in the most stringent cases, and it is not recommended to implement it unless there are graphical problems in the banner.
Should a graphical update be made to Elmo, in fact, both sources of the CSS files passed to the directive with the new value would have to be changed again, an impractical and maintenance-intensive solution.
To add the graphic styles of the Elmo banner, however, simply add the following sources to the “style-src” directive:
  • "sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
  • "sha256-nic/HL+2KUCsViZZsebVdJ3yXEzk4JKoQ+euhKkWzbE="
These sources include graphic instructions limited to the display of the Elmo banner, so that it appears correctly on the final site