Content Security Policy
Content Security Policy
If you are using Content Security Policy (CSP) on your site, you will need to add these entries to the policy to make widget work properly:
connect-src sentry-new.tidio.co socket.tidio.co api-v2.tidio.co https: wss:;
font-src fonts.gstatic.com https:;
img-src cdnjs.cloudflare.com data: https:;
media-src widget-v4.tidiochat.com;
script-src https://code.tidio.co https://widget-v4.tidiochat.com;
style-src 'unsafe-inline' fonts.googleapis.com https:;
Info
Please keep in mind that if you need to add inline scripts (e.g. for visitor identification), consider using nonce or hash instead of
'unsafe-inline'
.
Updated 8 months ago