Content Security Policy
Content Security Policy (CSP) is a security mechanism defending against content injection attacks like XSS. At the most basic level, it is a set of rules that restricts or green lights what content loads onto your website. It safeguards websites and apps from clickjacking, XSS, and malicious code injections. CSP employs rules to control content loading, making it a vital security standard for all website operators.
Implement the following directives to ensure that Front Chat works correctly with your CSP across all regions:
You can remove regions that do not apply to you
The provided directives includes all regions for Front servers. You can omit servers from regions you know do not apply to you (for example, if you know your Front instance does not run on any servers in Europe, you can remove the
eu
directives). If you are unsure which servers apply to your instance, leave all of them in place.
connect-src:
chat-assets.frontapp.com
chat.frontapp.com
us-west-1-chat-server.frontapp.com
us-west-2-chat-server.frontapp.com
eu-west-1-chat-server.frontapp.com
wss://front-us-realtime.ably.io
wss://front-eu-realtime.ably.io
https://chat-webhook.frontapp.com
*.bugsnag.com
https://*.browser-intake-datadoghq.com
img-src:
chat.frontapp.com
chat-assets.frontusercontent.com
style-src:
blob:
The Bugsnag and Datadog directives are not required for Front Chat to work with your CSP. However, Front highly recommends including them so that our developers can investigate and fix performance and security issues that may arise.
Updated 12 months ago