Content Security Policy

Content Security Policy (CSP) is a security mechanism defending against content injection attacks like XSS. At the most basic level, it is a set of rules that restricts or green lights what content loads onto your website. It safeguards websites and apps from clickjacking, XSS, and malicious code injections. CSP employs rules to control content loading, making it a vital security standard for all website operators.

Implement the following directives to ensure that Front Chat works correctly with your CSP across all regions:

👍

You can remove regions that do not apply to you

The provided directives includes all regions for Front servers. You can omit servers from regions you know do not apply to you (for example, if you know your Front instance does not run on any servers in Europe, you can remove the eu directives). If you are unsure which servers apply to your instance, leave all of them in place.

connect-src:
  chat-assets.frontapp.com
  chat.frontapp.com
  us-west-1-chat-server.frontapp.com
  us-west-2-chat-server.frontapp.com
  eu-west-1-chat-server.frontapp.com
  wss://front-us-realtime.ably.io
  wss://front-eu-realtime.ably.io
  https://chat-webhook.frontapp.com
  *.bugsnag.com
  https://*.browser-intake-datadoghq.com

img-src:
  chat.frontapp.com
  chat-assets.frontusercontent.com

style-src:
  blob:

📘

The Bugsnag and Datadog directives are not required for Front Chat to work with your CSP. However, Front highly recommends including them so that our developers can investigate and fix performance and security issues that may arise.