Recent Changes to or Implementation of Content Security Protocol?

Ron's Avatar

Ron

09 Dec, 2016 09:39 PM

Good evening,

For roughly two years I have used the open-source chat platform, Talk.to, as our live chat service integrated into our tenderapp support homepage without a single hiccup. Within the last 36hrs, this feature has completely failed to work.

In doing some serious breakdown testing I discovered that the platform works fine on our internal domains as well as our public domains; in addition, I uncovered THIS. It appears as though the following URLS are being blocked:

Connect Sources - Allowed sources for external connections such as XMLHttpRequest.
https://tawk.to
https://*.tawk.to
wss://*.tawk.to

Script Sources - Allowed sources for loading scripts.
https://embed.tawk.to
https://*.tawk.to
​ Style Sources - Allowed sources for loading stylesheets.
https://embed.tawk.to
​ Font Sources - Allowed sources for font loading.
https://static-v.tawk.to
​ Image Sources - Allowed sources for image loading.
https://tawk.link
https://static-v.tawk.to
​ Media Sources - Allowed sources for loading media such as audio and video elements.
https://static-v.tawk.to
​ Frame Sources - Deprecated, use child-src instead.
https://*.tawk.to

Any assistance on this would be primo.

Regards,
Ron

  1. Support Staff 1 Posted by Courtenay on 09 Dec, 2016 10:22 PM

    Courtenay's Avatar

    hey Ron, that "this" you linked to doesn't show me much other than you're running an ad-blocker that's blocking the google analytics? :) however I did find a better error, though.. (investigating further)

  2. Support Staff 2 Posted by Courtenay on 09 Dec, 2016 11:36 PM

    Courtenay's Avatar

    I've enabled some of the CSP stuff and i no longer get errors, but the chat box also no longer loads. Does it work for you? Is there some condition on it ?

  3. 3 Posted by Ron on 10 Dec, 2016 02:58 AM

    Ron's Avatar

    Courtenay,

    No one was signed in and available for chat. I have tested it now and I believe those changes may have worked. I'll monitor the behavior and report back if anything goes awry. Thank you for your assistance.

    Regards,
    Ron

  4. Courtenay closed this discussion on 11 Dec, 2016 08:02 AM.

Discussions are closed to public comments.
If you need help with Tender please start a new discussion.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac