Web Chat not compatible with sites that have a Content Security Policy unless

robert.louis.murphy · May 20, 2025, 7:02pm

###Zoom CC API
zoom-web-sdk web-sdk zcc-sdk web-chat
Add chat client | Contact Center SDK | web

Description
If your website uses a Content Security Policy, Zoom Web Chat will only function if you enable unsafe-inline

Error
script-src-elem inline blocked
style-src-attr inline blocked

How To Reproduce
Steps to reproduce the behavior:
1. Add https://us01ccistatic.zoom.us/us01cci/web-sdk/zcc-sdk.js to your web page (see instructions linked above)
2. Include you Content-Security-Policy header
3. Load your page in a browser
4. The chat will be visible and unformatted before anyone tries to interact with it and it won’t work.

alexm · May 21, 2025, 4:00pm

have you tried updating your content security policy to include Content-Security-Policy: script-src-elem 'self' https://us01ccistatic.zoom.us; ?

robert.louis.murphy · May 23, 2025, 12:58am

Actually I was able to get it to work the trick was to include the sha384 hash of each inline script and style in the csp response header such as script-src ‘sha384-blahblahhblablabla=’ so my script-src contains https://*.zoom.us and self and the response specific nonce and each of the hashes that correspond to each inline script and then style-src is similar containing the hashes for the inline styles

Topic		Replies	Views
What is an appropiate Content-Security-Policy (CSP) for embedding an application on the Zoom Client Zoom Apps	13	2504	September 22, 2022
Content Securty Policy Web	8	2840	August 21, 2020
Web Chat errors using zcc-sdk.js / Campaign embedded web tag Chat	0	640	May 23, 2023
Bug on streaming youtube (HEADERS) API and Webhooks	3	593	August 21, 2020
Web Chat errors using zcc-sdk.js / Campaign embedded web tag - Not working Contact Center	2	1423	April 30, 2024

Web Chat not compatible with sites that have a Content Security Policy unless

Related topics