In the Conversation24 management application you can create chat buttons, chat invites and custom chat buttons. All of them will allow your visitors to start chatting with your agents in different ways.
Conversation24 allows you to make some customizations to your chat buttons and chat invites like position and color.
All those colors and positions customizations work fine with the CSP headers mentioned in the Configuration section. You do not need to add any specific policies for them to work properly.
Conversation24 also allows you to use Chat Campaign logos and Agents avatars that will be shown in the Conversation24 chat.
Right now Conversation24 is loading those logos and avatars using data attributes. So in order to make them work properly you need to change your CSP to allow data:[<mediatype>][;base64],<data>
images like in the example below:
Content-Security-Policy: img-src 'self' https://app.conversation24.com data:;
NOTE: data:
Allows data:
URIs to be used as a content source. This is insecure; an attacker can also inject arbitrary data: URIs. Use this sparingly and definitely not for scripts.
Conversation24 development team is working on improving the Conversation24 chat to avoid completely the need of requiring data
in your img-src
CSP.
You can read more information about data attributes for your img-src Content Security Policy here.