Live Helper Chat support forum.. Forum is locked. New place for questions - Github Discussions
You are not logged in.
- Topics: Active | Unanswered
Announcement
#1 2022-03-02 00:32:11
- jamminjames
- Member
- Registered: 2022-02-24
- Posts: 38
Using CSP nonce for scripts on website - apply to Live Helper scripts?
We're using a CSP nonce for scripts on our website. Is there any way to dynamically apply the nonce to all Live Helper scripts?
If not, we can possibly use "map $request_uri $csp" in nginx.conf to map a different CSP (Content-Security-Policy) for the livehelperchat folders. If so, what is a good CSP to use for those folders? We don't want it to be overly permissive, for security reasons. Has Live Helper Chat worked out a recommended CSP?
Thank you.
Last edited by jamminjames (2022-03-02 04:40:49)
Offline
#2 2022-03-02 05:24:38
- remdex
- Administrator
- From: Lithuania
- Registered: 2012-09-23
- Posts: 3,661
- Website
Re: Using CSP nonce for scripts on website - apply to Live Helper scripts?
Hi,
At the moment I do not have sample for CSP rules. So just try gradually to enable them for the request you see.
Offline