CSP Configuration

If your website uses a Content Security Policy (CSP), you must whitelist the following origins in at least the script-src and connect-src directives of your policy:

Whitelist these origins in your script-src policy:

Whitelist these origins in your connect-src policy:

  • https://*.digitalgenius.com
  • https://*.dgdeepai.com
  • https://*.pusher.com
  • wss://*.pusher.com
  • wss://*.pusherapp.com

However, depending on your CSP configuration you may need to add the origins to additional directives (for example script-elem-src). Please test a handover via the widget to Zendesk to ensure your CSP policy doesn't block any calls to smooch/zendesk.

If you are using Sunco (Zendesk) as your helpdesk you will also need to whitelist the following origins:

connect-src

  • wss://*.smooch.io
  • wss://*.zendesk.com
  • https://*.smooch.io

font-src

  • https://*.smooch.io
  • https://*.zendesk.com;

script-src

  • https://*.smooch.io
  • https://*.zendesk.com;

style-src

  • https://*.smooch.io
  • https://*.zendesk.com;

img-src

  • https://.smooch.io
  • blob:
  • https://*.zendesk.com;

If your CSP configuration uses a nonce then Genius Chat will propagate the nonce on to any scripts that it injects as long as the nonce is present on the init script:

<script src="https://chat.digitalgenius.com/init.js" nonce="1234567890"></script>