What is Content Security Policy?

Content Security Policy (CSP) is a security standard that helps prevent cross-site scripting (XSS) attacks by controlling which resources can be loaded on your website. If your site uses CSP headers, you’ll need to configure them to allow the Molin AI widget to function properly.

Required CSP directives

| Directive | Value | Purpose |
| --- | --- | --- |
| script-src | 'self' https://widget.molin.ai | JavaScript execution for the widget |
| frame-src | 'self' https://widget.molin.ai | Iframes and embedded content |
| style-src | 'self' 'unsafe-inline' https://widget.molin.ai | Widget stylesheets and inline styles |
| connect-src | 'self' wss://molin.ai wss://widget.molin.ai https://widget.molin.ai | API and WebSocket connections |
| img-src | 'self' https://widget.molin.ai | Widget images and assets |
| media-src | https://widget.molin.ai | Audio files for notifications |

Complete CSP policy

Content-Security-Policy: script-src 'self' https://widget.molin.ai; frame-src 'self' https://widget.molin.ai; style-src 'self' 'unsafe-inline' https://widget.molin.ai; connect-src 'self' wss://molin.ai wss://widget.molin.ai https://widget.molin.ai; img-src 'self' https://widget.molin.ai; media-src https://widget.molin.ai;
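
A site that already sends a CSP header usually needs to merge these sources into its existing policy rather than replace it. The following is an added example, not Molin's own code: the function names and the sample policy are hypothetical, and the source lists are copied from the table above. It also handles two cases the single-line policy does not show: a directive that is currently absent and falls back to default-src, and a directive currently set to 'none'.

```javascript
// Added example: merge the widget's required sources into an existing policy.
// Source lists come from the table on this page; function names are hypothetical.
const MOLIN_SOURCES = {
  "script-src": ["'self'", "https://widget.molin.ai"],
  "frame-src": ["'self'", "https://widget.molin.ai"],
  "style-src": ["'self'", "'unsafe-inline'", "https://widget.molin.ai"],
  "connect-src": ["'self'", "wss://molin.ai", "wss://widget.molin.ai", "https://widget.molin.ai"],
  "img-src": ["'self'", "https://widget.molin.ai"],
  "media-src": ["https://widget.molin.ai"],
};

// Parse "name src src; name src" into a Map, keeping the first occurrence
// of a duplicated directive, as browsers do.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function mergeMolinCsp(existingPolicy) {
  const directives = parseCsp(existingPolicy);
  for (const [name, required] of Object.entries(MOLIN_SOURCES)) {
    // An absent fetch directive falls back to default-src (frame-src tries
    // child-src first). Creating it replaces that fallback, so seed it from there.
    const childSrc = name === "frame-src" ? directives.get("child-src") : undefined;
    const base = directives.get(name) ?? childSrc ?? directives.get("default-src") ?? [];
    // 'none' is only valid on its own; drop it once real sources are added.
    const merged = base.filter((s) => s.toLowerCase() !== "'none'");
    for (const src of required) if (!merged.includes(src)) merged.push(src);
    directives.set(name, merged);
  }
  return [...directives].map(([n, s]) => [n, ...s].join(" ")).join("; ");
}

// Constructed sample policy for a site that already sends a CSP header.
const existing = "default-src 'self' https://cdn.example.com; script-src 'self' 'nonce-abc123'; media-src 'none'";
console.log(mergeMolinCsp(existing));
```

If the existing script-src contains 'strict-dynamic', browsers ignore host sources such as https://widget.molin.ai, and 'unsafe-inline' in style-src is ignored when that directive also carries a nonce or hash. The merge does not detect either case.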

Testing your CSP

After implementing CSP headers:
  1. Open your browser’s developer console
  2. Load a page with the Molin widget
  3. Check for any CSP violation errors
  4. Verify the widget appears and functions correctly