Security¶
In order to integrate with Union, the following security configurations are required on your hosted site and API.
Content-Security-Policy¶
HTTP responses need to emit the Content-Security-Policy header with frame-ancestors specifying Union’s origin in the value.
CORS¶
Cross-origin resource sharing (CORS) needs to be enabled for Union’s origin with “allow credentials” set to true.
Whitelisted Headers¶
The following headers need to be whitelisted for Union’s origin:
- content-type
- union-version
Whitelisted Methods¶
The following methods need to be whitelisted for Union’s origin:
- GET
- POST
- PUT
- DELETE
- OPTIONS