Content Security Policy

Content Security Policy, otherwise known as CSP, is an additional layer of security that can help you with detecting and mitigating various attacks, like Cross-Site Scripting or Data Injection Attacks.

Learn more about CSP and check out the article prepared by the MDN web docs. For now, let’s jump below to learn how to adjust your CSP directives so that they will fully support ChatBot.

Making changes to your Content Security Policy usually requires making changes to your server’s settings. If you are not a tech person, we strongly recommend sending this article to a person responsible for your server.

Making changes to your Content Security Policy usually requires making changes to your server’s settings. If you are not a tech person, we strongly recommend sending this article to a person responsible for your server.

CSP - learn how to adjust your CSP directives

Modifying your Content Security Policy directives

1. Modifying your CSP directives is relatively easy. All that you have to do is to edit the script-src directive so that it’ll include the following entities: 'self' and 'unsafe-inline':

   script-src ‘self’ ‘unsafe-inline’

2. Now, all that is left is to whitelist the *.chatbot.com domain by adding it as a list of whitelisted sources that can load content on your website. Whitelisting our domain should look like in the following example:

Content-Security-Policy: 
    default-src 'self'; 
    script-src 'self' 'unsafe-inline' *.chatbot.com; 
    connect-src 'self' *.chatbot.com; 
    img-src 'self' *.chatbot.com; 
    frame-src 'self' *.chatbot.com;

And that’s it! Now, you’re ready to provide your customers with the quality support that they need!