Schools may have a Content Security Policy (CSP) to ensure the content they display on their webpages is authorized.
Schools will need to involve the people who edit the webpages for CSP settings. It will be important for those people to understand how the CSP is currently configured at their school.
Schools who utilize a restrictive CSP will want to include some additional coding in the CSP header so that the chatbot, live chat, texting and other features from Ocelot will function successfully. Without adding Ocelot information to an existing/restrictive CSP, content from Ocelot may be blocked and not fully render. In these cases, the webpage may not properly load all items and errors can occur. See the below section for examples of the types of errors that may occur with the CSP definitions need attention.
If the school has a CSP, please have the person(s) responsible for the school's webpages review the information below. Please review any existing CSP and add the following settings to the existing CSP headers:
Chatbot
With CSP settings, the embedding of content will display correctly.
- Without CSP authorization, videos in a bot response may not display and be able to play.
- Without CSP authorization, a "Refuse to frame 'https://embed.ocelotbot.com/" error can occur because it violates any CSP directive.
Live Chat
In order for Live Chat to work effectively, your security configuration must permit WebSocket access to Ocelot's server.
- Make sure the following is added to your CSP headers: connect-src: wss://ai.ocelotbot.com
- In general, Live Chat agents should have a stable network connection to ensure a smooth experience when using Live Chat.
To see how your system is performing, you may want to run a Twilio Network Test. Any issues will be highlighted in red. If all areas pass but you're still having trouble diagnosing any problems, please submit an Ocelot Support Ticket.