Schools may have a Content Security Policy (CSP) to ensure the content they display on their webpages is authorized. 


Schools will need to involve the person(s) who edit the CSP webpage settings.  It will be important to understand how the CSP is currently configured.


Schools that utilize a restrictive CSP will want to include some additional coding in the CSP header so that the chatbot, live chat, texting, and other features from Ocelot will function successfully. Without adding Ocelot information to an existing/restrictive CSP, content from Ocelot may be blocked and not fully rendered.  In these cases, the webpage may not properly load all items and errors can occur.  See the below section for examples of the types of errors that may occur with the CSP definitions that need attention.

If the school has a CSP, please have the person(s) responsible for the school's webpages review the information below. Please review any existing CSP and add the following settings to the existing CSP headers:

connect-srcwss://ai.ocelotbot.comAdd this when using the Live Chat
connect-srchttps://ai.ocelotbot.comAdd this when using the Chatbot 
font-srchttps://fonts.gstatic.com
Add this for utilizing Ocelot's fonts
frame-srchttps://embed.ocelotbot.comAdd this when viewing videos inside the Chatbot
img-srchttps://id.ocelotbot.comAdd this to attach images using the Chatbot and Live Chat 
style-srchttps://ai.ocelotbot.com https://fonts.googleapis.com 'unsafe-inline'
Add this when using Google APIs for fonts and styling on the Chatbot and Live Chat
script-srchttps://ai.ocelotbot.comUse this to enable the embedding code for the Chatbot



Chatbot

With CSP settings, the embedding of content will display correctly.

  • Without CSP authorization,  videos in a bot response may not display and be able to play.  
  • Without CSP authorization, a "Refuse to frame 'https://embed.ocelotbot.com/" error can occur because it violates any CSP directive.


Live Chat

In order for Live Chat to work effectively, your security configuration must permit WebSocket access to Ocelot's server. 

  • Make sure the following is added to your CSP headers: connect-src: wss://ai.ocelotbot.com
  • In general, Live Chat agents should have a stable network connection to ensure a smooth experience when using Live Chat. 

To see how your system is performing, you may want to run a Twilio Network Test. 

Any issues will be highlighted in red. If all areas pass but you're still having trouble diagnosing any problems, please submit an Ocelot Support Ticket.