Skip to content

HappyFox Chat Widget Content-Security-Policy

Views
6050
Last updated

Customers who install HappyFox Chat widget in pages which use Content Security Policy (CSP) should extend their CSP policy to include following domains in respective directives.

script-src 'self' 'unsafe-inline' 'unsafe-eval' happyfoxchat.com *.happyfoxchat.com; 

connect-src 'self' happyfoxchat.com *.happyfoxchat.com; 

media-src 'self' happyfoxchat.com *.happyfoxchat.com; 

object-src 'self' happyfoxchat.com *.happyfoxchat.com; 

child-src 'self' happyfoxchat.com *.happyfoxchat.com; 

frame-src 'self' happyfoxchat.com *.happyfoxchat.com;

img-src 'self' happyfoxchat.com *.happyfoxchat.com; 

style-src 'self' 'unsafe-inline' happyfoxchat.com *.happyfoxchat.com; 

font-src 'self' happyfoxchat.com *.happyfoxchat.com;


Example CSP policy which whitelists HappyFox Chat widget,

 

default-src 'self'; 

script-src 'self' 'unsafe-inline' 'unsafe-eval' happyfoxchat.com *.happyfoxchat.com; 

connect-src 'self' happyfoxchat.com *.happyfoxchat.com; 

media-src 'self' happyfoxchat.com *.happyfoxchat.com; 

object-src 'self' happyfoxchat.com *.happyfoxchat.com; 

child-src 'self' happyfoxchat.com *.happyfoxchat.com; 

frame-src 'self' happyfoxchat.com *.happyfoxchat.com;

img-src 'self' happyfoxchat.com *.happyfoxchat.com; 

style-src 'self' 'unsafe-inline' happyfoxchat.com *.happyfoxchat.com; 

font-src 'self' happyfoxchat.com *.happyfoxchat.com;

 

Tags