When you create a new Website in Conversation24 management application you will get a JavaScript code that you need to add into your website in order to start loading the Conversation24 chat.
The JavaScript code will look like the image below.
If you add that code directly in your website having this CSP in your website:
Content-Security-Policy: default-src 'self' https://app.cobrowser.com;
Then the Conversationi24 initialization script will never be executed because the CSP only allows loading files from your own domain self
or from https://app.cobrowser.com
but it does not allow inline scripts.
To properly fix this situation, you need to grab the content provided to you in the Conversation24 management application and place it in an external JavaScript file and then load it from your web server.
For instance you can create a new file in your web server called conversation24.js
and add the content between <script> </script>
tags into that file.
After that the Conversation24 script will be loaded and executed because it's loaded from your own website according to the CSP self
in the default-src
.