Enabling Drift in your App's Content Security Policy (CSP)
A Content Security Policy (CSP) is a set of rules that define what content on a webpage can or cannot be loaded by a visitor’s browser.
If you’re interested in learning more about the benefits of adding a CSPS to your site and how you can set one up, this article from Codeship is a great place to start.
default-src 'self'; connect-src 'self' https://*.drift.com; script-src 'self' https://js.driftt.com; frame-src 'self' https://js.driftt.com; style-src 'self' https://js.driftt.com;
Quick explanation of these rules
Our APIs are located at https://customer.api.drift.com, https://event.api.drift.com, and https://conversation.api.drift.com.
Our CSS and inline style changes are served from https://js.driftt.com.
Most of the Drift widget runs inside of an iframe that is served from our CDN. This means that the majority of assets and connects are sandboxed from your website.
Not using Drift yet? Get your free account here.