Content Security Policy (CSP)

Modified on Fri, 30 Aug at 6:00 PM

Schools may have a Content Security Policy (CSP) to ensure the content they display on their webpages is authorized. 


Schools will need to involve the person(s) who edit the CSP webpage settings.  It will be important to understand how the CSP is currently configured.


Schools that use a restrictive CSP will need to add some additional entries to the CSP header so that the virtual assistant, live assistant, two-way messaging, and other features from Ocelot function successfully. Without Ocelot's sources in an existing/restrictive CSP, content from Ocelot may be blocked and not fully rendered. In these cases, the webpage may not properly load all items and errors can occur. See the sections below for examples of the types of errors that may occur when the CSP definitions need attention.

If the school has a CSP, please have the person(s) responsible for the school's webpages review the information below. Please review any existing CSP and add the following settings to the existing CSP headers:

  • connect-src wss://ai.ocelotbot.com
    Add this when using the Live Assistant
  • connect-src https://ai.ocelotbot.com
    Add this when using the Virtual Assistant
  • font-src https://fonts.gstatic.com
    Add this for utilizing Ocelot's fonts
  • frame-src https://embed.ocelotbot.com
    Add this when viewing videos inside the Virtual Assistant
  • img-src https://id.ocelotbot.com
    Add this to attach images using the Virtual Assistant and Live Assistant
  • style-src https://ai.ocelotbot.com https://fonts.googleapis.com 'unsafe-inline'
    Add this when using Google APIs for fonts and styling on the Virtual Assistant and Live Assistant
  • script-src https://ai.ocelotbot.com
    Use this to enable the embedding code for the Virtual Assistant
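
The Python below is an added example, not Ocelot's code: it merges the sources listed above into an existing CSP header value. It goes a little beyond the list by handling two cases the list does not mention: a directive that is missing and currently inherits from default-src (or child-src for frames), and a directive set to 'none'. The sample policy and the cdn.example.edu host are constructed.

```python
# Added example, not Ocelot's code. Sources are the ones listed in this article.
OCELOT_SOURCES = {
    "connect-src": ["wss://ai.ocelotbot.com", "https://ai.ocelotbot.com"],
    "font-src": ["https://fonts.gstatic.com"],
    "frame-src": ["https://embed.ocelotbot.com"],
    "img-src": ["https://id.ocelotbot.com"],
    "style-src": ["https://ai.ocelotbot.com", "https://fonts.googleapis.com",
                  "'unsafe-inline'"],
    "script-src": ["https://ai.ocelotbot.com"],
}

def parse_csp(header):
    """Split a CSP header value into {directive: [sources]}, keeping order."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        # Browsers ignore a repeated directive, so keep only the first one.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def merge_sources(header, additions=OCELOT_SOURCES):
    """Return the header value with the required sources added."""
    policy = parse_csp(header)
    for directive, sources in additions.items():
        if directive not in policy:
            # A newly added directive stops the fallback from applying, so
            # start from the fallback's sources to keep what already worked.
            chain = ["child-src", "default-src"] if directive == "frame-src" else ["default-src"]
            inherited = next((policy[f] for f in chain if f in policy), None)
            if inherited is None:
                continue  # nothing restricts this fetch type today
            policy[directive] = list(inherited)
        # 'none' must stand alone, so drop it once real sources are added.
        merged = [s for s in policy[directive] if s.lower() != "'none'"]
        merged += [s for s in sources if s not in merged]
        policy[directive] = merged
    return "; ".join(" ".join([name] + srcs) for name, srcs in policy.items())

if __name__ == "__main__":
    # Constructed sample policy; cdn.example.edu is a placeholder host.
    existing = "default-src 'self'; script-src 'self' https://cdn.example.edu; frame-src 'none'"
    print(merge_sources(existing))
```

If the existing style-src carries a nonce or hash, browsers ignore 'unsafe-inline' in that directive, so review that case by hand.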



Virtual Assistant

With the CSP settings above in place, embedded content will display correctly.

  • Without CSP authorization, videos in a virtual assistant's response may not display or play.
  • Without CSP authorization, a "Refused to frame 'https://embed.ocelotbot.com/'" error can occur because the frame violates a CSP directive.


Live Assistant

In order for the Live Assistant to work effectively, your security configuration must permit WebSocket access to Ocelot's server. 

  • Make sure the following is added to your CSP headers: connect-src wss://ai.ocelotbot.com
  • In general, live agents should have a stable network connection to ensure a smooth experience when using the Live Assistant. 

To see how your system is performing, you may want to run a Twilio Network Test. 

Any issues will be highlighted in red. If all areas pass but you're still having trouble diagnosing any problems, please submit an Ocelot Support Ticket.

