We’re in the process of configuring Content Security Policy headers for our product, and one of the violations being highlighted is the inline styling used by the help widget we’ve integrated with our webapp.
Please could someone on the dev side there let me know how to go about passing-in our server-generated nonce value? Is it via
window.fwSettings for example?
Many thanks in advance for you help with this.
Welcome to the Freshworks Developer Community!
I see that there is a support ticket about this, and the Freshdesk support team would be the ideal resource for helping you with widgets.
To share the support response with the community:
We had this further checked with our product team, wherein I’m afraid the option to add nonce parameter to a help widget is not available as an option currently in the Freshdesk help widget.
However we have raised this as a feature enhancement in the help widget, for passing the nonce parameters in the widget. Based on the roadmap implementation of the same, we will keep you updated on this.
this measure can help many of us secure our web applications from XSS attacks.
This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.