Content Security Policy (CSP) is a web security standard to mitigate code injection attacks like Cross-Site-Scripting (XSS), Clickjacking, Pixel-Perfect timing attacks.
This is ChennelIO’s CSP list that you should append to your whitelist if you are supporting CSP
connect-src: https://*.channel.io wss://*.channel.io wss://*.desk-ws.channel.io/ping wss://*.front-ws.channel.io/ping https://s3.ap-northeast-2.amazonaws.com img-src: https://*.channel.io media-src: https://*.channel.io script-src: 'unsafe-inline' // You can replace this line with nonce https://*.channel.io https://cdn.ravenjs.com
script-src is only need for inline installation script. The inline script mitigating is the biggest advantage of CSP. You can replace this line to
nonce- keyword. Please refer at here
Updated 5 months ago