I've added the widget in webpage. When I open Chrome - Inspect - Console, I see the following error:
Refused to load the script 'https://widget.freshworks.com/widgets/xxxxxxxxxxx.js' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
This is a problem for us as well. For now we've added the generated hash code to our content security policy, but presumably that hashcode will change if Freshdesk changes the widget code, so is not a good long term solution. Freshdesk, please address this, is there some way to get this to work other than hashcode (or allowing unsafe-inline)?
1 person likes this
13 days ago
@Ed O'Connor-Giles: Could you give me an example of what to add to the content security policy? It would help me out for now.
1 day ago