Conversation24 also allows you to apply more sophisticated CSS customizations to anything you'd like about the chat window allowing you to load custom CSS snippets.
In order to allow those customizations to work properly in your website you need to slightly modify the Content Security Policy for style-src
defined in the Configuration section.
If you want to allow the customizations mentioned here you need to use this kind of Content Security Policy:
Content-Security-Policy: style-src 'self' 'unsafe-inline' https://app.conversation24.com;
If you want to be more strict there's another option to allow custom CSS without adding unsafe-inline
to your style-src policy, by using '<hash-algorithm>-<base64-value>'
.
For example:
Content-Security-Policy: style-src 'self' 'sha256-Af3qX0m4oTgOmMz059JS4emyhzm8A4VvN+6HRCF3GPU=' https://app.conversation24.com;
As you can see in the example we're including a SHA-256 hash that identifies the custom CSS style element that Conversation24 system will inject as an inline style.
This way you have a more strict and secure CSP in place, the issue with this approach is that you need to regenerate the SHA-256 hash every time you make modifications to your custom CSS.
You can read more information about unsafe-inline and sha-256 hashes for your style-src CSP here.