Content Security Policy
CSP list is subject to change depending on the SDK’s features.
Content Security Policy(CSP) is a web security standard to mitigate code injection attacks like Cross-Site-Scripting (XSS), Clickjacking, and Pixel-Perfect timing attacks.
This is ChannelTalk’s CSP list that you should append to your whitelist if you are supporting CSP.
default-src
*.channel.io
*.cdninstagram.com
connect-src
*.channel.io
*.sentry.io
wss://*.channel.io
wss://*.desk-ws.channel.io
wss://*.front-ws.channel.io
script-src
'unsafe-inline'
*.channel.io
*.sentry-cdn.com
style-src
'unsafe-inline'
img-src
*.channel.io
*.cdninstagram.com
blob:
The 'unsafe-inline'
under script-src
is only needed for an inline script like Installation. You can replace the 'unsafe-inline'
with nonce-
keyword. See CSP: script-src for more details.
Updated 3 months ago