Skip to content

Security

In order to integrate with Union, the following security configurations are required on your hosted site and API.

Content-Security-Policy

HTTP responses need to emit the Content-Security-Policy header with frame-ancestors specifying Union’s origin in the value.

CORS

Cross-origin resource sharing (CORS) needs to be enabled for Union’s origin with “allow credentials” set to true.

Whitelisted Headers

The following headers need to be whitelisted for Union’s origin:

  • content-type
  • union-version

Whitelisted Methods

The following methods need to be whitelisted for Union’s origin:

  • GET
  • POST
  • PUT
  • DELETE
  • OPTIONS