Content Security Policy
Note: The Content Security Policy (CSP) list may be updated based on the features of the SDK.
The Content Security Policy(CSP)ย is an essential web security standard designed to prevent code injection attacks, such as Cross-Site Scripting (XSS), Clickjacking, and Pixel-Perfect timing attacks.
Below is the CSP list for Channel Talk. Please ensure to include these in your whitelist if you're implementing CSP on your platform:
default-src
*.channel.io
*.cdninstagram.com
connect-src
*.channel.io
*.sentry.io
wss://*.channel.io
wss://*.desk-ws.channel.io
wss://*.front-ws.channel.io
script-src
'unsafe-inline'
*.channel.io
*.sentry-cdn.com
style-src
'unsafe-inline'
img-src
*.channel.io
*.cdninstagram.com
blob:
The directive
'unsafe-inline'
ย within theยscript-src
ย is necessary only for inline scripts, such as those used during installation. You can replace'unsafe-inline'
withย anonce-
ย keyword. For detailed information, refer to the CSP: script-src.
Updated about 1 year ago