Note: The Content Security Policy (CSP) list may be updated based on the features of the SDK.
The Content Security Policy(CSP) is an essential web security standard designed to prevent code injection attacks, such as Cross-Site Scripting (XSS), Clickjacking, and Pixel-Perfect timing attacks.
Below is the CSP list for Channel Talk. Please ensure to include these in your whitelist if you're implementing CSP on your platform:
Plaintext
default-src
*.channel.io
*.channel.app
*.cdninstagram.com
connect-src
*.channel.io
*.channel.app
*.sentry.io
wss://*.channel.io
wss://*.desk-ws.channel.io
wss://*.front-ws.channel.io
script-src
'unsafe-inline'
*.channel.io
*.sentry-cdn.com
style-src
'unsafe-inline'
img-src
*.channel.io
*.cdninstagram.com
blob:The directive 'unsafe-inline' within the script-src is necessary only for inline scripts, such as those used during installation. You can replace 'unsafe-inline' with a nonce- keyword. For detailed information, refer to the CSP: script-src.