Allow-list guidance

For Digital Web to function correctly, the organization's CSP (Content Security Policy) needs to allow access to certain domains. This process is often referred to as allow-listing a domain. The domains which should be allowed by the CSP depends on the environment the Digital property is deployed on, and the features enabled for the property. To verify the details, please contact your Digital Expert.

Customers on Colo-EU properties

Add the following domains to the allow-list within your application’s CSP to ensure that Digital surveys are fully operational:

Note: It is only necessary to add these domains to any existing CSP directives.
  • connect-src *.kampyle.com; *.medallia.eu

  • script-src *.kampyle.com; *.medallia.eu

  • frame-src *.kampyle.com; *.medallia.eu

  • font-src *.kampyle.com; *.medallia.eu

  • img-src *.kampyle.com; *.medallia.eu

  • style-src *.kampyle.com; *.medallia.eu

If your CSP prefers not to use wildcards, refer to the following:

  • script-src: https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com  https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • font-src: https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com;

  • style-src: https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com;

  • img-src:  https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com; 

  • connect-src: https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com  https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • frame-src: https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu;

Customers on Colo-UK properties

Add the following domains to the allow-list within your application's CSP to ensure that Digital surveys are fully operational:

Note: It is only necessary to add these domains to any existing CSP directives.
  • connect-src *.kampyle.com; *.medallia.eu

  • script-src *.kampyle.com; *.medallia.eu

  • frame-src *.kampyle.com; *.medallia.eu

  • font-src *.kampyle.com; *.medallia.eu

  • img-src *.kampyle.com; *.medallia.eu

  • style-src *.kampyle.com; *.medallia.eu

If your CSP prefers not to use wildcards, refer to the following:

  • script-src: https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com  https://resources.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • font-src: https://resources.digital-cloud-uk.medallia.eu https://nebula-cdn.kampyle.com;

  • style-src: https://resources.digital-cloud-uk.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com;

  • img-src:  https://screencaptue-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com; 

  • connect-src: https://resources.digital-cloud-uk.medallia.eu https://ubt-lb.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com  https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • frame-src: https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu;

Customers on Colo-US (SC4) properties

Add the following domains to the allow-list within your application's CSP to ensure that Digital surveys are fully operational:

Note: It is only necessary to add these domains to any existing CSP directives.
  • connect-src *.kampyle.com; *.medallia.com

  • script-src *.kampyle.com; *.medallia.com

  • frame-src *.kampyle.com; *.medallia.com

  • font-src *.kampyle.com; *.medallia.com

  • img-src *.kampyle.com; *.medallia.com

  • style-src *.kampyle.com; *.medallia.com

If your CSP prefers not to use wildcards, refer to the following:

  • script-src: https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com  https://resources.digital-cloud.medallia.com https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • font-src: https://resources.digital-cloud.medallia.com https://nebula-cdn.kampyle.com;

  • style-src: https://resources.digital-cloud.medallia.com https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com;

  • img-src:  https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com; 

  • connect-src: https://resources.digital-cloud.medallia.com https://ubt-lb.digital-cloud.medallia.com https://sbt-prod.kampyle.com  https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • frame-src: https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com;

Customers on Colo-US (West) properties

Add the following domains to the allow-list within your application's CSP to ensure that Digital surveys are fully operational:

Note: It is only necessary to add these domains to any existing CSP directives.
  • connect-src *.kampyle.com; *.medallia.com

  • script-src *.kampyle.com; *.medallia.com

  • frame-src *.kampyle.com; *.medallia.com

  • font-src *.kampyle.com; *.medallia.com

  • img-src *.kampyle.com; *.medallia.com

  • style-src *.kampyle.com; *.medallia.com

If your CSP prefers not to use wildcards, refer to the following:

  • script-src: https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com  https://resources.digital-cloud-west.medallia.com https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • font-src: https://resources.digital-cloud-west.medallia.com https://nebula-cdn.kampyle.com;

  • style-src: https://resources.digital-cloud-west.medallia.com https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com;

  • img-src:  https://screencaptue-cdn.kampyle.com https://resources.digital-cloud-west.medallia.com https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com; 

  • connect-src: https://resources.digital-cloud-west.medallia.com https://ubt-lb.digital-cloud-west.medallia.com https://sbt-prod.kampyle.com  https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • frame-src: https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-west.medallia.com;

Customers on Colo-Canada properties

Add the following domains to the allow-list within your application's CSP to ensure that Digital surveys are fully operational:

Note: It is only necessary to add these domains to any existing CSP directives.
  • connect-src *.kampyle.com; *.medallia.ca

  • script-src *.kampyle.com; *.medallia.ca

  • frame-src *.kampyle.com; *.medallia.ca

  • font-src *.kampyle.com; *.medallia.ca

  • img-src *.kampyle.com; *.medallia.ca

  • style-src *.kampyle.com; *.medallia.ca

  • https://resources.digital-cloud.medallia.ca

If your CSP prefers not to use wildcards, refer to the following:

  • script-src: https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com  https://resources.digital-cloud.medallia.ca https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • font-src: https://resources.digital-cloud.medallia.ca https://nebula-cdn.kampyle.com;

  • style-src: https://resources.digital-cloud.medallia.ca https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com;

  • img-src:  https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.ca https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com; 

  • connect-src: https://resources.digital-cloud.medallia.ca https://ubt-lb.digital-cloud.medallia.ca https://sbt-prod.kampyle.com  https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • frame-src: https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.ca;

Customers on AWS properties (EU, US, AU, and Enterprise)

Add the following domains to the allow-list within your application's CSP to ensure that Digital surveys are fully operational:

Note: It is only necessary to add these domains to any existing CSP directives.
  • connect-src *.kampyle.com; 

  • script-src *.kampyle.com; 

  • frame-src *.kampyle.com; 

  • font-src *.kampyle.com; 

  • img-src *.kampyle.com; 

  • style-src *.kampyle.com; 

If your CSP prefers not to use wildcards, refer to the following:

  • script-src: https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com  https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • font-src: https://nebula-cdn.kampyle.com;

  • style-src: https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com;

  • img-src:  https://screencaptue-cdn.kampyle.com https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com; 

  • connect-src: https://sbt-prod.kampyle.com  https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; 

  • frame-src: https://screencapture.kampyle.com https://nebula-cdn.kampyle.com;