Content Security Policy

🚧

CSP list is subject to change depending on the SDK’s features.

Content Security Policy(CSP) is a web security standard to mitigate code injection attacks like Cross-Site-Scripting (XSS), Clickjacking, and Pixel-Perfect timing attacks.

This is ChannelTalk’s CSP list that you should append to your whitelist if you are supporting CSP.

default-src
  *.channel.io
  *.cdninstagram.com

connect-src
  *.channel.io
  *.sentry.io
  wss://*.channel.io
  wss://*.desk-ws.channel.io
  wss://*.front-ws.channel.io

script-src
  'unsafe-inline'
  *.channel.io
  *.sentry-cdn.com

style-src
  'unsafe-inline'

img-src
  *.channel.io
  *.cdninstagram.com
  blob:

The 'unsafe-inline' under script-src is only needed for an inline script like Installation. You can replace the 'unsafe-inline' with nonce- keyword. See CSP: script-src for more details.