Content Security Policy (CSP) is a security mechanism defending against content injection attacks like XSS. At the most basic level, it is a set of rules that restricts or green lights what content loads onto your website. It safeguards websites and apps from clickjacking, XSS, and malicious code injections. CSP employs rules to control content loading, making it a vital security standard for all website operators.
Implement the following directives to ensure that Front Chat works correctly with your CSP across all regions:
You can remove regions that do not apply to you
The provided directives includes all regions for Front servers. You can omit servers from regions you know do not apply to you (for example, if you know your Front instance does not run on any servers in Europe, you can remove the
eudirectives). If you are unsure which servers apply to your instance, leave all of them in place.
connect-src: chat-assets.frontapp.com chat.frontapp.com us-west-1-chat-server.frontapp.com us-west-2-chat-server.frontapp.com eu-west-1-chat-server.frontapp.com wss://front-us-realtime.ably.io wss://front-eu-realtime.ably.io https://chat-webhook.frontapp.com *.bugsnag.com https://*.browser-intake-datadoghq.com img-src: chat.frontapp.com style-src: blob:
The Bugsnag and Datadog directives are not required for Front Chat to work with your CSP. However, Front highly recommends including them so that our developers can investigate and fix performance and security issues that may arise.
Updated 19 days ago