Live on cloud • All plans
Admins can now customize the Content Security Policy (CSP) that Retool enforces on apps. Retool applies a strict default policy that restricts which origins an app can load scripts, fonts, images, and other resources from. You can now extend that policy org-wide to allow the additional origins your apps need, or tighten the defaults further.
For example, if custom JavaScript in an app loads a charting library from a CDN such as https://cdn.example.com, the default script-src 'self' policy blocks the script and the app fails to render it. You can now add that origin to script-src so the app can load it without loosening the policy for any other resource.
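The scoping described above, as an added example that is not Retool's code: it extends only script-src with the CDN origin and then checks, with a simplified model of browser source matching, that images from the same CDN stay blocked. The function names, the baseline policy string and the app origin passed as `selfOrigin` are assumptions made for illustration.

```javascript
// Added example. Function names and BASELINE are hypothetical; BASELINE is a
// constructed policy, not Retool's actual default.
const BASELINE = "default-src 'self'; script-src 'self'; img-src 'self' data:";

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Browsers ignore a repeated directive, so the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function serializeCsp(directives) {
  return [...directives].map(([name, src]) => [name, ...src].join(" ")).join("; ");
}

// Add one exact https origin to one directive, leaving the others untouched.
function allowOrigin(policy, directive, origin) {
  if (origin.includes("*") || !origin.startsWith("https://") ||
      new URL(origin).origin !== origin) {
    throw new Error(`expected an exact https origin, got ${origin}`);
  }
  const directives = parseCsp(policy);
  // A newly added directive replaces the default-src fallback, so start from the
  // sources currently in effect; 'none' cannot be combined with other sources.
  const inherited = directives.get(directive) ?? directives.get("default-src") ?? [];
  const sources = inherited.filter((s) => s !== "'none'");
  if (!sources.includes(origin)) sources.push(origin);
  directives.set(directive, sources);
  return serializeCsp(directives);
}

// Simplified matcher: 'self', scheme sources such as data:, and exact origins.
// Browsers additionally evaluate wildcards, paths, nonces and hashes.
function isAllowed(policy, directive, resourceUrl, selfOrigin) {
  const directives = parseCsp(policy);
  const sources = directives.get(directive) ?? directives.get("default-src");
  if (!sources) return true; // no governing directive, nothing restricts the load
  const url = new URL(resourceUrl);
  return sources.some((src) =>
    src === "'self'" ? url.origin === selfOrigin
      : src.endsWith(":") ? url.protocol === src
      : url.origin === src);
}
```

Running the same check against a proposed policy string before saving it shows whether a new origin widened more than the one directive it was meant for.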
Configure rules in Settings > App security > Content Security Policy. Changes apply to every app in your organization and are recorded in your audit logs.
For more information, refer to Customize the Content Security Policy for apps.