Is it possible for the Yellow chat widget iframe to be strictly opened in a certain origin only?

Hi team, there’s some concern coming from a client regarding security with the Yellow widget that is implemented on their website.

So this client found out that our widget iframe policy only has the x-frame-options: ALLOWALL rule, and no frame-ancestors rule in content-security-policy. Their concern is that there will be a possibility that an unauthorized third party can clone the chat widget script and put it on a page other than the client's page, which leads to a scam page, and the client worries about that.

Is there any way we can restrict the widget so it can be opened on a specific page domain?

@EgrianoA

Moving this question to the #channels section

Namaste @EgrianoA

We can whitelist the domain(s) where the bot needs to be deployed. The bot will then be accessible only via those domain(s). Please raise an Engineering support request on the PSD board along with the list of domain(s).

1 Like

Got it @akshay_bhat, I’ll confirm with the client and create a request after getting the list of IPs. Thanks!
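
A header check for the concern raised in this thread, added here as an example (not Yellow.ai code and not part of the original posts): it reports whether a parent page may frame the widget given the iframe's response headers. It assumes simplified CSP source matching against the immediate parent only, and `widget.example`, `client.example`, `lookalike.example` and the `HARDENED` policy are constructed placeholders.

```python
from urllib.parse import urlsplit

PORTS = {"http": 80, "https": 443}

def _origin(url):
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or PORTS.get(u.scheme))

def _frame_ancestors(csp):
    """Return the frame-ancestors source list, or None when the directive is absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def _matches(source, parent, widget):
    # Simplified: no paths or port wildcards; scheme-less hosts are treated as https.
    src = source.lower()
    if src == "'none'":
        return False
    if src == "*":
        return parent[0] in PORTS
    if src == "'self'":
        return parent == widget
    if src.endswith(":"):                      # scheme-source such as "https:"
        return parent[0] == src[:-1]
    scheme, host, port = _origin(src if "://" in src else "https://" + src)
    host_ok = parent[1].endswith(host[1:]) if host.startswith("*.") else parent[1] == host
    return host_ok and (scheme, port) == (parent[0], parent[2])

def framing_allowed(headers, parent_url, widget_url):
    """True if a page at parent_url may embed the widget served with these headers."""
    h = {k.lower(): v for k, v in headers.items()}
    parent, widget = _origin(parent_url), _origin(widget_url)
    sources = _frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:                    # frame-ancestors overrides X-Frame-Options
        return any(_matches(s, parent, widget) for s in sources)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return xfo == "SAMEORIGIN" and parent == widget
    return True   # header absent or not a recognised value (ALLOWALL): no restriction

# Constructed sample data; all origins are placeholders.
WIDGET = "https://widget.example/chat"
CURRENT = {"X-Frame-Options": "ALLOWALL"}
HARDENED = {"X-Frame-Options": "ALLOWALL", "Content-Security-Policy":
            "frame-ancestors https://client.example https://*.client.example"}
```

With `CURRENT`, any parent origin is accepted; with `HARDENED`, only `client.example` and its subdomains over https are.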