Securing Drift on your Site
A Content Security Policy (CSP) is a set of rules that define what content on a webpage can or cannot be loaded by a visitor’s browser.
If your app doesn't have a CSP
If you’re interested in learning more about the benefits of adding a CSP to your site and how you can set one up, this article from Codeship is a great place to start.
script-src 'self' https://js.driftt.com https://widget.drift.com; frame-src 'self' https://js.driftt.com https://widget.drift.com;
A few more steps for Salesforce Experience Builder (Community) Pages
First, add 'https://js.driftt.com' to the whitelist in Salesforce Experience Builder within Settings > Security > Trusted Sites for Scripts. Then, open Salesforce Setup and search for Content Security Policy Trusted sites, before adding that same URL as a Trusted Site with the 'Community' context.
Quick explanation of these rules
These rules enable the Drift widget's iframe to be loaded on your site from https://js.driftt.com. The majority of the widget's assets are loaded from within this iframe, so they are already sandboxed from the rest of your site's content.
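The following is an added example, not code from Drift: a small check you can run against your own CSP header value to confirm that script-src and frame-src (or the directives they fall back to) list the two Drift origins named on this page. The function names and sample policies are constructed for illustration, and source matching is simplified to exact origin strings.

```javascript
// Added example. Origins and directive names are the ones this page lists.
const DRIFT_ORIGINS = ['https://js.driftt.com', 'https://widget.drift.com'];
// Fallback order when a directive is absent (CSP Level 3).
const FALLBACK = {
  'script-src': ['script-src', 'default-src'],
  'frame-src': ['frame-src', 'child-src', 'default-src'],
};

// Directives are separated by ';', sources inside a directive by whitespace.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive name is ignored by browsers: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Returns a list of problems; an empty list means Drift can load.
// Simplification: only exact origin strings are matched (no wildcards or paths).
function checkDriftCsp(policy) {
  const directives = parseCsp(policy);
  const problems = [];
  for (const name of directives.keys()) {
    // A URL in directive-name position means a stray ';' ended the source list early.
    if (name.includes('://')) problems.push(`${name} was parsed as a directive name`);
  }
  for (const chain of Object.values(FALLBACK)) {
    const governing = chain.find((d) => directives.has(d));
    if (!governing) continue; // nothing restricts this resource type
    for (const origin of DRIFT_ORIGINS) {
      if (!directives.get(governing).includes(origin)) {
        problems.push(`${governing} does not allow ${origin}`);
      }
    }
  }
  return problems;
}

// Constructed sample policies (not captured from any real site).
const WELL_FORMED = "script-src 'self' https://js.driftt.com https://widget.drift.com; " +
  "frame-src 'self' https://js.driftt.com https://widget.drift.com";
const STRAY_SEMICOLON = "script-src 'self' https://js.driftt.com; https://widget.drift.com; " +
  "frame-src 'self' https://js.driftt.com; https://widget.drift.com;";

console.log(checkDriftCsp(WELL_FORMED));
console.log(checkDriftCsp(STRAY_SEMICOLON));
```

The second sample shows why separators matter: a ';' inside a source list ends the directive, so the origin after it is silently dropped instead of being allowed.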
Updated about 1 year ago