Content-Security-Policy configuration

By default, Sitecore XP/XM has a Content-Security-Policy (CSP) header configured in the web.config that is targeted at the /sitecore location. This CSP header prevents resources that live outside of your domain to be loaded in the Sitecore Content Editor.

This applies to the Content Management instance(s) of your Sitecore platform.

With this CSP header enabled, the Bynder DAM Connector is unable to display selected assets in the Content Editor because they are served by the Bynder CDN and live outside of your own domain.

To allow Bynder assets to be loaded in the Content Editor, you must update the CSP header so that it is allowed.
Here is an example of the modified configuration that is applicable to the standard (out-of-the-box) configuration that ships with Sitecore:

  <location path="sitecore">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Content-Security-Policy" 
            value="
              default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; 
              img-src 'self' data: https://YOUR-NAME.bynder.com https://*.webdamdb.com; 
              media-src 'self' data: https://YOUR-NAME.bynder.com https://*.webdamdb.com; 
              style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 
              font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; 
              upgrade-insecure-requests; 
              block-all-mixed-content;" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>

Ensure that https://YOUR-NAME.bynder.com is replaced with your Bynder portal URL.
The entry for https://*.webdamdb.com only applies if you are using Webdam instead of Bynder DAM.