tomlutzenberger / yii2-smartsupp-chat

Yii2 Widget for Smartsupp Chat
MIT License

How to enable CSP settings automatically using this extension ? #1

Closed i-internet closed 3 years ago

i-internet commented 3 years ago

Thanks for your awesome widgets, really appreciate it. I am facing one issue: Smartsupp is not recording videos, and I have contacted them about it, and this is what they want me to do:

CSP settings must follow this tutorial below: https://help.smartlook.com/en/articles/3470377-content-security-policy-csp-smartlook

I would like to verify whether this widget already contains such features, and if not, could you tell me how we can achieve this?

tomlutzenberger commented 3 years ago

Hello and thank you very much. I didn't notice they added a video recording feature.

It seems this issue is related to your server configuration, because this extension only adds functionality to use Smartsupp in a comfortable way, like injecting their script into the webpage. I recommend you read more about CSP and configure your server accordingly:
https://blog.jscrambler.com/an-introduction-to-csp/
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Hopefully this helps.

i-internet commented 3 years ago

Thanks for replying, I figured it out. This is what we need to add to make it work.

First install this extension

composer require hyperia/yii2-secure-headers:"^2.0"

Then in your main/web.php add the settings below

// Generate a fresh nonce for every response; never reuse or cache one.
// random_int() is a CSPRNG; rand() is not, and a guessable nonce defeats
// the purpose of 'nonce-...' in script-src.
function generateRandomString($length = 10)
{
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[random_int(0, $charactersLength - 1)];
    }
    return $randomString;
}

$randomNonce = generateRandomString(64);

// Under components. The same $randomNonce must appear as nonce="..." on every
// inline <script> the page is expected to run, otherwise the browser blocks it.
// 'unsafe-eval' permits eval()-style code and weakens the policy; drop it if
// the widget works without it.
'headers' => [
    'class' => '\hyperia\security\Headers',
    'cspDirectives' => [
        'default-src' => "'self'",
        'connect-src' => "'self' https://*.smartlook.com https://*.smartlook.cloud",
        'script-src'  => "'self' https://*.smartlook.com https://*.smartlook.cloud 'nonce-$randomNonce' 'unsafe-eval'",
        'worker-src'  => "'self' blob:",
    ],
],
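The reply above shows the directive set but not the two things a nonce-based policy actually depends on: that the nonce comes from a CSPRNG and is minted per response, and that the identical value is placed on the inline script tag the policy is meant to allow. The following is an added example, not code from the extension, from hyperia/yii2-secure-headers, or from the issue author. It is plain PHP (7.0 or later) with no framework involved; the directive list is copied from the issue, the inline script body is a placeholder, and the function names (`cspNonce`, `cspHeaderValue`, `smartlookDirectives`, `inlineScriptTag`, `nonceMatches`) are this example's own.

```php
<?php
// Added example: framework-free illustration of the CSP nonce flow the thread
// relies on. Assumes plain PHP >= 7.0; does not use hyperia/yii2-secure-headers.
declare(strict_types=1);

// Per-response CSP nonce from a CSPRNG. 16 random bytes (128 bits) is enough;
// base64 keeps the value within CSP's nonce grammar. Never cache this value.
function cspNonce(int $bytes = 16): string
{
    return base64_encode(random_bytes($bytes));
}

// Serialise a directive map into a Content-Security-Policy header value.
function cspHeaderValue(array $directives): string
{
    $parts = [];
    foreach ($directives as $name => $value) {
        $parts[] = $name . ' ' . $value;
    }
    return implode('; ', $parts);
}

// Directive set from the issue, parameterised on the nonce. 'unsafe-eval' is
// kept only because the vendor tutorial asks for it; remove it if the widget
// works without, since it allows eval()-style code execution.
function smartlookDirectives(string $nonce): array
{
    return [
        'default-src' => "'self'",
        'connect-src' => "'self' https://*.smartlook.com https://*.smartlook.cloud",
        'script-src'  => "'self' https://*.smartlook.com https://*.smartlook.cloud 'nonce-$nonce' 'unsafe-eval'",
        'worker-src'  => "'self' blob:",
    ];
}

// Inline script tag carrying the same nonce. Without the attribute a browser
// enforcing a nonce-based script-src refuses to run the script. $js is a
// placeholder for the widget loader the extension would normally emit.
function inlineScriptTag(string $nonce, string $js): string
{
    $attr = htmlspecialchars($nonce, ENT_QUOTES, 'UTF-8');
    return "<script nonce=\"$attr\">$js</script>";
}

// Sanity check: the header must name exactly the nonce that is on the tag.
function nonceMatches(string $header, string $nonce): bool
{
    return strpos($header, "'nonce-$nonce'") !== false;
}

$nonce  = cspNonce();
$header = cspHeaderValue(smartlookDirectives($nonce));

// Send the header before any output when serving a real page.
if (PHP_SAPI !== 'cli') {
    header('Content-Security-Policy: ' . $header);
}

echo $header, PHP_EOL;
echo inlineScriptTag($nonce, "console.log('Smartsupp loader would go here');"), PHP_EOL;
var_dump(nonceMatches($header, $nonce));
```

Run it from the command line to see the header and the tag side by side; when served over HTTP the `header()` call emits the policy. The check in `nonceMatches` is the one to keep in mind when wiring this into Yii2: if the nonce is generated in one place (config) and the widget renders the script tag elsewhere, both must read the same per-request value or the policy silently blocks the loader.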