Home > Forum > CSP headers vs ladesk client

CSP headers vs ladesk client

Oct 26 (50 days ago)
Jakub wrote
Hi,
I've run into some issue setting up CSP security headers, in the final I had to allow 'unsafe-eval' in script-src .. otherwise, close button for the chat window wouldn't work at all (without any error/warning) .. also for chat buttons with requires customer to write something before the chat starts, the chat would never appear/start ..

so my question is, do you plan to implement version without using 'eval'?

thanks,
J.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
https://developer.chrome.com/extensions/contentSecurityPolicy
Reply
1 Answer
Oct 30 (46 days ago)
Ondrej Pok agent wrote
Hi Jakub,

yes we have it in medium term plan. We are considering creating completely new more lightweight and simple client side contact widgets.
However for now using eval(...) is required for correct functioning of most LiveAgent contact widgets.

Ready to try LiveAgent?

It's free for the first 14 days! No credit card required.

Get Started
We work well with others...
Magento Joomla Wordpress Mailchimp
Contact us

support@ladesk.com

+1-800-811-6590 (Toll Free in USA & Canada)

+421 2 33 456 826 (European Union & Worldwide)

Quality Unit, LLC 616 Corporate Way, Suite 2-3278 Valley Cottage, NY 10989

Stay in touch
Blog Google+
© 2004-2015 QualityUnit.com, All rights reserved