Salesforce Communities / Experience
Experience builder CSP security level
In the Security & Privacy section of the experience builder settings is a subsection called Content Security Policy (CSP). The setting "Security Level" needs to be set to "Relaxed CSP: Permit Access to Inline Scripts and Allowed Hosts". This unlocks the ability to set CSPs for Talkative URLs.
Experience Builder Trusted Sites
The following are a list of sites that need to be added to the "Trusted Sites for Scripts" subsection found in the "Security & Privacy" section of the experience builder.
- Engage US
- reason: loading js script for widget from main engage website
- url: https://us.engage.app etc.
- Talkative CDN
- reason: loading additional script files from the Talkative CDN
- url: https://talkative-cdn.com
CSP Trusted Sites
These sites need to be added to the org's CSP trusted sites list. This can be found in the settings area of the main org (not in the experience builder). Go to Settings, then in the sidebar menu search box type "CSP Trusted Sites". Click the link in the sidebar to take you to the index page that allows you to create new CSP trusted site entries.
- Engage s3 bucket
- reason: handles file uploads / avatar
- URL, either:
- https://us-engage-app.s3.us-east-2.amazonaws.com/
- https://eu-engage-app.s3.eu-west-1.amazonaws.com/
- allow: img-src, media-src
- context: Experience Builder Sites
- Engage main site:
- reason: js http communication with engage api
- URL, either:
- allow: connect-src
- context: Experience Builder Sites
- sentry
- reason: error logging
- url: https://sentry.io
- allow: connect-src
- context: Experience Builder Sites
- pusher sockjs
- reason: websockets realtime connection
- URL, either:
- allow: connect-src
- context: Experience Builder Sites
- pusher websocket
- reason: websockets realtime connection
- URL, either:
- wss://ws-us2.pusher.com
- wss://ws-eu.pusher.com
- allow: connect-src
- Talkative video CDN
- reason: WebRTC-powered voice/video connection
- URL: https://talkative-cdn.com/
- Cobrowse
- reason: websocket connection for cobrowse connection
- URL, either:
- wss://eu.talkative-ws.com/
- wss://us.talkative-ws.com/
Adding script snippet
In the experience builder settings, go to the "Advanced" section, then click "Edit head markup". Then paste the snippet into the newly opened code editor.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article