The Conversation24 chat requires several styles, images, fonts and javascript files to be loaded in your website in order to allow your visitors to start chatting with your agents.
All these external images, fonts, CSS files and JS files will be loaded from our domain https://app.conversation24.com so you need to add that domain in your CSP policy.
Apart of those required files our software communicates with our domain app.conversation24.com via HTTPS and Web Sockets in order to get the required information and display the chat accordingly to your configuration.
For allowing to load the JS files you need to specify this CSP policy:
Content-Security-Policy: default-src 'self' https://app.conversation24.com;
For allowing to load the CSS files you need to specify this CSP policy:
Content-Security-Policy: style-src 'self' https://app.conversation24.com;
For allowing to load the images you need to specify this CSP policy:
Content-Security-Policy: img-src 'self' https://app.conversation24.com;
For allowing to load the fonts you need to specify this CSP policy:
Content-Security-Policy: font-src 'self' https://app.conversation24.com;
For allowing to communicate with our domain you need to specify this CSP policy:
Content-Security-Policy: connect-src 'self' https://app.conversationo24.com wss://app.conversation24.com;
In all examples shown here we have included self
in the policy to allow as well your own domain. We strongly recommend you to configure your policy according to your needs and security requirements.