You can use Chatlio with Content Security Policy (CSP) headers. If you load the Chatlio embed code from a JavaScript file rather than an inline script, you can avoid the use of script-src 'unsafe-inline'.
Chatlio requires the following policies:
default-src 'self' https://w.chatlio.com;
script-src 'self' https://w.chatlio.com;
connect-src 'self' https://api.chatlio.com https://api-cdn.chatlio.com wss://push.chatlio.com wss://ws.pusherapp.com;
img-src 'self' data: https://w.chatlio.com https://avatars.slack-edge.com https://files.slack.com https://files-origin.slack.com https://secure.gravatar.com https://uploads-cdn.chatlio.com;
object-src 'none';
style-src 'unsafe-inline';
If you prefer a slightly smaller, more liberal version, you can use:
default-src 'self' https://*.chatlio.com;
connect-src 'self' https://*.chatlio.com wss://*.chatlio.com wss://ws.pusherapp.com;
img-src *;
object-src 'none';
style-src 'unsafe-inline' https://*.chatlio.com;
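Most sites already send a CSP header, so the directives above have to be merged into it, not pasted over it. The following is an added example, not Chatlio's own code: it folds the strict policy listed first on this page into an existing header without adding 'unsafe-inline' to script-src. The names mergeChatlioCsp, parseCsp and SITE_CSP, and the sample site policy, are assumptions made for illustration.

```javascript
// Sources Chatlio needs, copied from the strict policy listed on this page.
const CHATLIO_CSP = {
  'default-src': ["'self'", 'https://w.chatlio.com'],
  'script-src': ["'self'", 'https://w.chatlio.com'],
  'connect-src': ["'self'", 'https://api.chatlio.com', 'https://api-cdn.chatlio.com',
    'wss://push.chatlio.com', 'wss://ws.pusherapp.com'],
  'img-src': ["'self'", 'data:', 'https://w.chatlio.com', 'https://avatars.slack-edge.com',
    'https://files.slack.com', 'https://files-origin.slack.com',
    'https://secure.gravatar.com', 'https://uploads-cdn.chatlio.com'],
  'object-src': ["'none'"],
  'style-src': ["'unsafe-inline'"],
};

// Parse "name src src; name src" into a Map of directive name -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Browsers ignore a repeated directive, so the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Return the site's policy widened just enough for the Chatlio widget.
function mergeChatlioCsp(siteHeader) {
  const policy = parseCsp(siteHeader);
  const siteDefault = policy.get('default-src') ?? [];
  for (const [name, needed] of Object.entries(CHATLIO_CSP)) {
    const own = policy.get(name);
    if (needed.includes("'none'")) {
      // Chatlio needs nothing here: keep the site's value, else lock it down.
      if (!own) policy.set(name, ["'none'"]);
      continue;
    }
    // Defining a directive stops its fallback to default-src, so a directive
    // the site never set starts from the site's default-src sources.
    const base = own ?? (name === 'default-src' ? [] : siteDefault);
    // 'none' is only valid alone, so drop it once real sources are added.
    const merged = [...new Set([...base, ...needed])].filter((s) => s !== "'none'");
    policy.set(name, merged);
  }
  return [...policy].map(([name, sources]) => [name, ...sources].join(' ')).join('; ');
}

// Constructed sample policy for a hypothetical site (not from the Chatlio docs).
const SITE_CSP = "default-src 'self'; script-src 'self' https://cdn.example.com; connect-src 'none'; frame-ancestors 'none'";
console.log(mergeChatlioCsp(SITE_CSP));
```

Directives Chatlio does not mention, such as frame-ancestors in the sample, pass through unchanged.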
Please contact us via our widget below if you have any questions or concerns about using Chatlio with CSP. We are happy to assist.