Content Security Policy

Content Security Policy (CSP) is a web security standard to mitigate code injection attacks like Cross-Site-Scripting (XSS), Clickjacking, Pixel-Perfect timing attacks.

This is ChennelIO’s CSP list that you should append to your whitelist if you are supporting CSP

connect-src:
  https://*.channel.io
  wss://*.channel.io
  https://s3.ap-northeast-2.amazonaws.com

img-src:
  https://*.channel.io

media-src:
  https://*.channel.io

script-src:
  'unsafe-inline' // You can replace this line with nonce
  https://*.channel.io
  https://cdn.ravenjs.com

The 'unsafe-inline' under script-src is only need for inline installation script. The inline script mitigating is the biggest advantage of CSP. You can replace this line to nonce- keyword. Please refer at here