baptisteArno / typebot.io

💬 Typebot is a powerful chatbot builder that you can self-host.
https://typebot.io

Prevent bots from accessing via direct URLs. #1812

Open vsnshanmuganathan opened 1 week ago

vsnshanmuganathan commented 1 week ago

Is your feature request related to a problem? Please describe.

When we configure Allowed Origins with our specified domains, it restricts access for other domains. However, if the bot can be accessed directly via URL, it remains open to everyone. This means that while the restriction effectively prevents external sites from embedding the bot, it does not stop unauthorized access through direct links.

Describe the solution you'd like

I recommend adding an option or toggle in either the Security Settings or Share tab that allows us to control whether the bot can be accessed directly via URL. This feature would help prevent unauthorized access to the bots.

Describe alternatives you've considered

At present, I don't see any alternative solutions to address this issue. Even when embedding bots in an iframe, users can right-click and inspect the element, revealing the bot's URL, which can then be easily copied and accessed by anyone.

anandaashish74711 commented 1 week ago

Hi @vsnshanmuganathan and @baptisteArno, I'd like to work on this issue and propose a solution. Could you please assign this task to me?