Content Security Policy (CSP) support

Recommended setup

The Web Widget (Classic) supports websites that use a Content Security Policy (CSP) and follows Google'sstrict CSP guidelines. We recommend following Google's policy for the best support and easiest setup with the widget.

When following these guidelines, add thenonceattribute to the Web Widget snippet.

             
              <scriptnonce="{random}"id="ze-snippet"src="https://static.zdassets.com/ekr/snippet.js?key=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx">script>

This{random}value must be a unique cryptographic number that is generated by the server each time the CSP is transmitted.

Note: This security policy works with the new version of the Zendesk Web Widget (Classic) snippet. Please ensure that your snippet looks like the example above.

Custom setup (using other CSP directives)

We cannot guarantee that the Web Widget (Classic) won't violate a custom CSP that does not follow Google'sguidelines. However, if you add the following directives, it should prevent the widget causing violations:

             
              default-src'self'https://static.zdassets.comhttps://ekr.zdassets.comhttps://ekr.亚博.comhttps://{zendeskSubdomain}.亚博.comhttps://*.zopim.comhttps://zendesk-eu.my.sentry.iowss://{zendeskSubdomain}.zendesk.comwss://*.zopim.com;style-src 'unsafe-inline';img-src 'self'https://v2assets.zopim.iohttps://static.zdassets.comdata:;

If you have custom directives specified such asscript-src或connect-src, add the hosts specified indefault-srcabove.

开始

Web Widget (Classic)

Unity Native SDK

Unified SDK

Support SDK

Chat SDK V2

Talk SDK

Chat Widget

Content Security Policy (CSP) support