CSP Configuration
If your website uses a Content Security Policy (CSP), you must whitelist the following origins in at least the script-src and connect-src directives of your policy:
Whitelist these origins in your script-src policy:
- https://*.digitalgenius.com
- https://*.dgdeepai.com
- https://dg-flow-media-eu-central-1-prod.s3.eu-central-1.amazonaws.com
Whitelist these origins in your connect-src policy:
- https://*.digitalgenius.com
- https://*.dgdeepai.com
- https://*.pusher.com
- wss://*.pusher.com
- wss://*.pusherapp.com
However, depending on your CSP configuration you may need to add the origins to additional directives (for example script-elem-src). Please test a handover via the widget to Zendesk to ensure your CSP policy doesn't block any calls to smooch/zendesk.
If you are using Sunco (Zendesk) as your helpdesk you will also need to whitelist the following origins:
connect-src
- wss://*.smooch.io
- wss://*.zendesk.com
- https://*.smooch.io
font-src
- https://*.smooch.io
- https://*.zendesk.com;
script-src
- https://*.smooch.io
- https://*.zendesk.com;
style-src
- https://*.smooch.io
- https://*.zendesk.com;
img-src
- https://.smooch.io
- blob:
- https://*.zendesk.com;
If your CSP configuration uses a nonce then Genius Chat will propagate the nonce on to any scripts that it injects as long as the nonce is present on the init script:
<script src="https://chat.digitalgenius.com/init.js" nonce="1234567890"></script>
Updated about 1 month ago