How to use Smartsupp with Content security policy (CSP)?

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.

If you are using CSP on your website, you will need to add the following rules for Smartsupp to work correctly: 

CSP v3 – strict, compatible with Google

Content-Security-Policy:
object-src 'none';
script-src 'nonce-{random}' 'strict-dynamic' 'unsafe-inline' https: http:;
base-uri 'self';
report-uri https://your-report-collector.example.com/

CSP v2

Content-Security-Policy: 
    connect-src: 
        https://*.smartsupp.com 
        wss://*.smartsupp.com
    font-src: 
        https://smartsupp-widget-161959.c.cdn77.org 
        https://*.smartsuppcdn.com
    media-src: 
        https://smartsupp-widget-161959.c.cdn77.org 
        https://*.smartsuppcdn.com
    img-src: 
        data: 
        https://smartsupp-widget-161959.c.cdn77.org 
        https://*.smartsuppcdn.com
    script-src: 
        'unsafe-inline' 
        https://*.smartsuppchat.com 
        https://smartsupp-widget-161959.c.cdn77.org 
        https://*.smartsuppcdn.com
    style-src: 
        'unsafe-inline' 
        https://smartsupp-widget-161959.c.cdn77.org 
        https://*.smartsuppcdn.com