Content Security Policy

๐Ÿšง

Note: The Content Security Policy (CSP) list may be updated based on the features of the SDK.

The Content Security Policy(CSP)ย is an essential web security standard designed to prevent code injection attacks, such as Cross-Site Scripting (XSS), Clickjacking, and Pixel-Perfect timing attacks.

Below is the CSP list for Channel Talk. Please ensure to include these in your whitelist if you're implementing CSP on your platform:

default-src
  *.channel.io
  *.channel.app
  *.cdninstagram.com

connect-src
  *.channel.io
  *.channel.app
  *.sentry.io
  wss://*.channel.io
  wss://*.desk-ws.channel.io
  wss://*.front-ws.channel.io

script-src
  'unsafe-inline'
  *.channel.io
  *.sentry-cdn.com

style-src
  'unsafe-inline'

img-src
  *.channel.io
  *.cdninstagram.com
  blob:

๐Ÿ“˜

The directive 'unsafe-inline'ย within theย script-srcย is necessary only for inline scripts, such as those used during installation. You can replace 'unsafe-inline' withย a nonce-ย keyword. For detailed information, refer to the CSP: script-src.