Widget creates errors: Content Security Policy
I've added the widget in webpage. When I open Chrome - Inspect - Console, I see the following error:
Refused to load the script 'https://widget.freshworks.com/widgets/xxxxxxxxxxx.js' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
(I changed our number to xxxxxxxxxxx)
This is the content of a testpage:
I tried adding:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' widget.freshworks.com">
I only get more errors.
Could someone help me out? I'm not a webdeveloper (clearly), but I assume this widget needs a (almost) standard set of the Content Security Policy (CSP)?
1 person likes this idea
Apologies for the double post!
This is a problem for us as well. For now we've added the generated hash code to our content security policy, but presumably that hashcode will change if Freshdesk changes the widget code, so is not a good long term solution. Freshdesk, please address this, is there some way to get this to work other than hashcode (or allowing unsafe-inline)?
@Ed O'Connor-Giles: Could you give me an example of what to add to the content security policy? It would help me out for now.
Apologies for the delay in response!
We'd require more information on this as the same is not reproducible at our end. Can you try to implement the widget in different browsers and write to support(at)freshdesk.com with your findings? Our support folks can have this checked with our developers and keep you posted.