Home > Forum > CSP headers vs ladesk client

CSP headers vs ladesk client

Oct 26, 2017
Jakub Vagner wrote
Hi,
I've run into some issue setting up CSP security headers, in the final I had to allow 'unsafe-eval' in script-src .. otherwise, close button for the chat window wouldn't work at all (without any error/warning) .. also for chat buttons with requires customer to write something before the chat starts, the chat would never appear/start ..

so my question is, do you plan to implement version without using 'eval'?

thanks,
J.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
https://developer.chrome.com/extensions/contentSecurityPolicy
Reply
3 Answers
Oct 30, 2017
Ondrej agent wrote
Hi Jakub,

yes we have it in medium term plan. We are considering creating completely new more lightweight and simple client side contact widgets.
However for now using eval(...) is required for correct functioning of most LiveAgent contact widgets.
Mar 02 (3 months ago)
Andreas Hedlund wrote
Are there any updates regarding the use of EVAL?
Mar 02 (3 months ago)
Ondrej agent wrote
Hello Andreas,

unfortunately there are no updates yet. eval is still required by contact widgets.

Ready to try LiveAgent?

It's free for the first 14 days! No credit card required.

Get Started
We work well with others...
Magento Joomla Wordpress Mailchimp
Contact us

support@liveagent.com

+1-800-811-6590 (Toll Free in USA & Canada)

+421 2 33 456 826 (European Union & Worldwide)

Quality Unit, LLC 616 Corporate Way, Suite 2-3278 Valley Cottage, NY 10989

Stay in touch
Blog Google+
© 2004-2020 LiveAgent.com, All rights reserved