CSP: monetization-src
The Content-Security-Policy (CSP) monetization-src directive restricts the list of URLs from which a payment endpoint is loaded.
Syntax
One or more sources may be allowed for the monetization-src policy:
Content-Security-Policy: monetization-src
<source />
; Content-Security-Policy: monetization-src
<source />
,
<source />
;
Sources
<source> can be any one of the values listed in CSP Source Values.
Examples
Violation cases
Given this CSP header:
Content-Security-Policy: monetization-src https://www.example.com
The following monetization source will not load, as the url doesn't match the one defined in the Content-Security-Policy:
<link rel="monetization" href="https://example.org/payment-pointer" />
Specifications
| Specification |
|---|
| Web Monetization API #monetization-src-directive |
Browser compatibility
| desktop | mobile | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on iOS | Samsung Internet | Puma Browser | |
monetization-src | Yes | Yes | Yes | No | Yes | No | No | No | No | No | No | No | Yes |
- Full Support
- No Support
- You'll need to use a Web Monetization Extension