How to fix Content Security Policy errors in NITRO Studio sites. 

Microsoft is rolling out stronger Content Security Policy (CSP) enforcement for SharePoint Online starting March 1, 2026. CSP is a set of rules that a website sends to your browser. It defines what a page is allowed to load and run. These rules typically focus on resources such as JavaScript, CSS, images, frames, and connections to external services.

Crow Canyon is actively working on code changes in NITRO Studio to comply with Microsoft CSP rules. The majority of the code is already compliant; however, a few areas are still pending, such as where NITRO components use dynamic scripting. These changes are planned to be completed by the end of March 2026.

In the meantime, please follow the steps below in your SharePoint Online tenant to fix issues caused by the CSP rollout.

There are two ways to make the changes:

  1. Using NITRO Studio: This is possible only if NITRO API permissions are granted during NITRO installation. If NITRO Site API permissions are not granted, then follow the second method. 
  2. Use the SharePoint admin center and PowerShell. These steps require the SharePoint admin role in the Office 365 tenant.

    Using NITRO Studio

    1. Navigate to https://crowcanyonnitro.azurewebsites.net/
      1. It will auto-navigate to the https://crowcanyonnitro.azurewebsites.net/NITRO page if NITRO API permissions are granted.
    2. Check whether the ‘Manage CSP’ link is available in the page footer. If it is not, follow the steps in the next sections.
    3. Click the ‘Manage CSP’ link and, in the pop-up:
      1. Click ‘Enable’ to enable the CSP enforcement delay in the SharePoint sites.
      2. Click ‘Add URL’ to add the NITRO Studio CDN URL to trusted sources.

    If NITRO API permissions are not granted, please follow the steps below.

    Add NITRO Studio CDN URL to trusted script sources

    1. Navigate to the SharePoint admin portal.
      1. https://yourtenantname-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/contentSecurityPolicy
    2. Click ‘Add Source’ and add the URLs below as trusted sources:
      1. https://cdn.crowcanyon.com/
      2. https://appscdn.azurewebsites.net/
      3. https://cdnjs.cloudflare.com/
      4. Note that for GCC/dedicated NITRO Studio customers, add the URLs as per the CDN configured in your setup.
    3. Clear browser cache before accessing NITRO Studio site pages.
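
To see which script URLs the three trusted sources above actually cover, the following added example (not Crow Canyon or Microsoft code) applies a simplified form of CSP source matching: same scheme, same host and port, and path prefix. The sample script URLs are constructed, and the check ignores anything else the tenant's policy already allows.

```javascript
// Added example: simplified CSP host-source matching (scheme + host/port + path prefix).
// TRUSTED_SOURCES are the three URLs listed in the step above.
const TRUSTED_SOURCES = [
  "https://cdn.crowcanyon.com/",
  "https://appscdn.azurewebsites.net/",
  "https://cdnjs.cloudflare.com/",
];

// Returns true when scriptUrl is covered by a single trusted source entry.
function matchesSource(scriptUrl, source) {
  let script, src;
  try {
    script = new URL(scriptUrl);
    src = new URL(source);
  } catch {
    return false; // relative or malformed URLs are not evaluated here
  }
  if (script.protocol !== src.protocol) return false; // http:// is not covered by an https:// entry
  if (script.host !== src.host) return false;         // exact host and port; wildcards not handled
  // A source path ending in "/" acts as a prefix; any other path must match exactly.
  if (src.pathname.endsWith("/")) return script.pathname.startsWith(src.pathname);
  return script.pathname === src.pathname;
}

// Splits script URLs into those covered by the list and those that are not.
function auditScripts(scriptUrls, trusted = TRUSTED_SOURCES) {
  const allowed = [];
  const blocked = [];
  for (const url of scriptUrls) {
    const covered = trusted.some((s) => matchesSource(url, s));
    (covered ? allowed : blocked).push(url);
  }
  return { allowed, blocked };
}

// Constructed sample: file paths and the example.* hosts are illustrative only.
const sampleScripts = [
  "https://cdn.crowcanyon.com/nitro/app.js",
  "https://cdnjs.cloudflare.com/ajax/libs/example/1.0.0/example.min.js",
  "http://cdn.crowcanyon.com/nitro/app.js",        // wrong scheme
  "https://cdn.crowcanyon.com.example.net/app.js", // look-alike host
  "https://static.example.org/widget.js",          // not in the list
];

console.log(auditScripts(sampleScripts));
```

In a browser console, pass `[...document.scripts].map(s => s.src).filter(Boolean)` to `auditScripts` to check the scripts a NITRO Studio page actually loads.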

     

    Delay Content Security Policy enforcement in your tenant

    1. Microsoft page for more information: https://learn.microsoft.com/en-us/sharepoint/dev/spfx/content-securty-policy-trusted-script-sources
    2. Install SharePoint Online Management Shell
      1. Download URL: https://www.microsoft.com/en-in/download/details.aspx?id=35588
      2. If you have an older version already installed, update to the latest version.
    3. Launch SharePoint Online Management Shell
    4. Run the command to connect to SharePoint Online:
      1. Connect-SPOService -Url https://yourtenantname-admin.sharepoint.com
      2. Replace yourtenantname in the above URL with your tenant name.
      3. This command will open a login URL; provide the credentials of a user who has SharePoint admin rights.
      4. For GCC High tenants, please add -Region ITAR to the command:
        1. Connect-SPOService -Url https://yourtenantname-admin.sharepoint.us -Region ITAR
    5. Set-SPOTenant -DelayContentSecurityPolicyEnforcement $true
      1. This will delay CSP enforcement by 90 days.
    6. Verify that the above is set correctly:
      1. Get-SPOTenant | Select-Object DelayContentSecurityPolicyEnforcement
      2. The above should give the output ‘True’.