Content Security Policy

If your deployment requires CSP compatibility, add the following meta tag to your configuration.

<meta
    http-equiv="Content-Security-Policy"
    content="
    connect-src
        https://cdn.web1on1.chat
        https://*.smooch.io
        wss://*.smooch.io;
    script-src
        https://api.web1on1.chat
        https://cdn.web1on1.chat
        https://meet.jit.si/external_api.js
        https://cdn.smooch.io;
    style-src
        https://cdn.smooch.io;
    img-src
        https://storage.googleapis.com
        https://app.web1on1.chat
        https://cdn.smooch.io
        https://cdn.web1on1.chat;
    font-src
        https://cdn.smooch.io;
    media-src
        https://cdn.smooch.io;
    child-src
        https://youtube.com
        https://cdn.loom.com
        https://europe-west2-cs-microservices.cloudfunctions.net;"
/>

Note that an equivalent configuration can be done server side.

Warning: when you apply this Content Security Policy, please be aware that third-party bots might need additional sources listed. Please contact customer support if you experience any issues.

Enabling the widget Widget Options

On this page

Content Security Policy