In case you are using a CSP policy (Content Security Policy) on your website, the Crisp chatbox will not work out of the box. You will need to add Crisp domains to your Content Security Policy rules.
This is the policy we recommend, as it will allow you to support any future Crisp domain update.
You can find below the wildcard domain ranges Crisp uses:
https://*.crisp.chat(JS, CSS, fonts, images, frames)
This policy may be updated anytime in the future. You may use the loose CSP policy rather if you want to avoid any problem if we update a domain in the future.
In case your website requires strict CSP policies, you may allow the following domains:
https://client.crisp.chat(JS, CSS, fonts, images)
Also, make sure to add
unsafe-inline to your
style-src policy (if any).
Please note that Crisp also embeds Youtube, Vimeo and Dailymotion video links in the chatbox. You may adjust your CSP rules to allow domains from those services accordingly.
Ask your own question.Ask Now