Recent Changes to or Implementation of Content Security Protocol?
Good evening,
For roughly two years I have used the open-source chat platform, Talk.to, as our live chat service integrated into our tenderapp support homepage without a single hiccup. Within the last 36hrs, this feature has completely failed to work.
In doing some serious breakdown testing I discovered that the platform works fine on our internal domains as well as our public domains; in addition, I uncovered THIS. It appears as though the following URLS are being blocked:
Connect Sources - Allowed sources for external connections such
as XMLHttpRequest.
https://tawk.to
https://*.tawk.to
wss://*.tawk.to
Script Sources - Allowed sources for loading scripts.
https://embed.tawk.to
https://*.tawk.to
Style Sources - Allowed sources for loading
stylesheets.
https://embed.tawk.to
Font Sources - Allowed sources for font loading.
https://static-v.tawk.to
Image Sources - Allowed sources for image loading.
https://tawk.link
https://static-v.tawk.to
Media Sources - Allowed sources for loading media such as
audio and video elements.
https://static-v.tawk.to
Frame Sources - Deprecated, use child-src instead.
https://*.tawk.to
Any assistance on this would be primo.
Regards,
Ron
Discussions are closed to public comments.
If you need help with Tender please
start a new discussion.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Courtenay on 09 Dec, 2016 10:22 PM
hey Ron, that "this" you linked to doesn't show me much other than you're running an ad-blocker that's blocking the google analytics? :) however I did find a better error, though.. (investigating further)
Support Staff 2 Posted by Courtenay on 09 Dec, 2016 11:36 PM
I've enabled some of the CSP stuff and i no longer get errors, but the chat box also no longer loads. Does it work for you? Is there some condition on it ?
3 Posted by Ron on 10 Dec, 2016 02:58 AM
Courtenay,
No one was signed in and available for chat. I have tested it now and I believe those changes may have worked. I'll monitor the behavior and report back if anything goes awry. Thank you for your assistance.
Regards,
Ron
Courtenay closed this discussion on 11 Dec, 2016 08:02 AM.