How To Reproduce

Steps to reproduce the behavior:

1. Add https://us01ccistatic.zoom.us/us01cci/web-sdk/zcc-sdk.js to your web page (see instructions linked above)
2. Include your Content-Security-Policy header
3. Load your page in a browser
4. The chat will be visible and unformatted before anyone tries to interact with it and it won’t work.
Actually, I was able to get it to work. The trick was to include the sha384 hash of each inline script and style in the CSP response header, such as script-src 'sha384-blahblahhblablabla='. So my script-src contains https://*.zoom.us and self and the response-specific nonce and each of the hashes that correspond to each inline script, and then style-src is similar, containing the hashes for the inline styles.
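The workaround described above, as an added Python example that is not part of the original posts or Zoom's SDK: it hashes the exact text of each inline `<script>` and `<style>` element with SHA-384 and assembles the two directives. The sample page, the nonce value, the helper names and the exact source list for style-src are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

# Constructed sample page; only the SDK URL comes from the post above.
PAGE = """<html><head>
<style>.chat { color: #333; }</style>
<script src="https://us01ccistatic.zoom.us/us01cci/web-sdk/zcc-sdk.js"></script>
<script>window.chatReady = true;</script>
</head><body></body></html>"""


class InlineCollector(HTMLParser):
    """Collect the exact text of inline <script> and <style> elements."""

    def __init__(self):
        super().__init__()
        self.found = {"script": [], "style": []}
        self._tag = None   # element currently being collected, if any
        self._buf = []

    def handle_starttag(self, tag, attrs):
        # <script src=...> is external: allowed by a host source, not a hash.
        if tag == "style" or (tag == "script" and "src" not in dict(attrs)):
            self._tag, self._buf = tag, []

    def handle_data(self, data):
        if self._tag:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == self._tag:
            self.found[tag].append("".join(self._buf))
            self._tag = None


def csp_hash(text):
    """Return a CSP hash source: base64 of the SHA-384 of the element text."""
    digest = hashlib.sha384(text.encode("utf-8")).digest()
    return "'sha384-" + base64.b64encode(digest).decode("ascii") + "'"


def build_csp(html, nonce):
    """Build script-src and style-src with host, nonce and per-element hashes."""
    collector = InlineCollector()
    collector.feed(html)
    collector.close()
    base = ["'self'", "https://*.zoom.us", f"'nonce-{nonce}'"]
    script_src = base + [csp_hash(s) for s in collector.found["script"]]
    style_src = base + [csp_hash(s) for s in collector.found["style"]]
    return f"script-src {' '.join(script_src)}; style-src {' '.join(style_src)}"


if __name__ == "__main__":
    print(build_csp(PAGE, "constructed-nonce"))  # nonce must be random per response
```

The hash covers the element text byte for byte, whitespace included, so the header has to be regenerated whenever an inline block changes.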