Content Security Policy

Content Security Policy (CSP) is a security layer that helps to detect and protect against certain types of attacks like XSS or clickjacking. If you want to secure your application, which we recommend, then please follow the instructions presented below.

TalkJS uses iframes behind the scenes to create isolation from the customer's website. The only CSP rule that you have to add is frame-src. This property specifies valid sources for nested browsing contexts loading using elements such as