Schools may have a Content Security Policy (CSP) to ensure the content they display on their webpages is authorized. 


Schools will need to involve the people who edit the webpages for CSP settings.  It will be important for those people to understand how the CSP is currently configured at their school.


Schools who utilize a restrictive CSP will want to include some additional coding in the CSP header so that the chatbot, live chat, texting and other features from Ocelot will function successfully. Without adding Ocelot information to an existing/restrictive CSP, content from Ocelot may be blocked and not fully render.  In these cases, the webpage may not properly load all items and errors can occur.  See the below section for examples of the types of errors that may occur with the CSP definitions need attention.

If the school has a CSP, please have the person(s) responsible for the school's webpages review the information below. Please review any existing CSP and add the following settings to the existing CSP headers:

connect-srcwss://ai.ocelotbot.comAdd this when using the Live Chat
connect-srchttps://ai.ocelotbot.comAdd this when using the Chatbot 
font-srchttps://fonts.gstatic.com
Add this for utilizing Ocelot's fonts
frame-srchttps://embed.ocelotbot.comAdd this when viewing videos inside the Chatbot
img-srchttps://id.ocelotbot.comAdd this to attach images using the Chatbot and Live Chat 
style-srchttps://ai.ocelotbot.com https://fonts.googleapis.com 'unsafe-inline'
Add this when using Google APIs for fonts and styling on the Chatbot and Live Chat
script-srchttps://ai.ocelotbot.comUse this to enable the embedding code for the Chatbot



Chatbot

With CSP settings, the embedding of content will display correctly.

  • Without a CSP authorization,  videos in a bot response may not display and be able to play.  
  • Without a CSP authorization, a "Refuse to frame 'https://embed.ocelotbot.com/" error can occur because it violates any CSP directive.


Live Chat

In order for Live Chat to work effectively, your security configuration must permit WebSocket access to Ocelot's server. 

  • Make sure the following is added to your CSP headers: connect-src: wss://ai.ocelotbot.com
  • In general, Live Chat agents should have a stable network connection to ensure a smooth experience when using Live Chat. 
  • Agents may want to run a twilio network test to see how their system is performing. Any issues will be highlighted in red. If all areas pass but you're still having trouble diagnosing any problems, please contact Ocelot Support