Violation of content security policy due to the usage of inline styling in the tawk.to

I have incorporated Tawk.to's chat widget codes into my website to include the chat bubble. The code is placed within a JS file:

var Tawk_API = Tawk_API || {}, Tawk_LoadStart = new Date();

(function() {
var s1 = document.createElement("script"), s0 = document.getElementsByTagName("script")[0];
s1.async = true;
s1.src = 'https://embed.tawk.to/xxxxxx/default';
s1.charset = 'UTF-8';
s1.setAttribute('crossorigin', '*');
s0.parentNode.insertBefore(s1, s0);
})();

In my HTML file, I am including it as a <script>. It functions properly. However, the problem arises when this code violates some of my website's Content Security Policies. Due to security reasons, I do not allow inline styling in my content security policies, and it seems that 'https://embed.tawk.to/xxxxxx/default' does contain some inline styling. Is there a solution to this issue without compromising my website's policy on inline styling?

javascriptcontent-security-policytawk.to

Answer №1

The Tawk.to widget is filled with inline styles in tags and blocks, making it impractical to allow a 'hash-value' for them.

To maintain security in my content security policies, I do not permit any inline styling for safety reasons.

Is it possible to use 'unsafe-inline' in script? It poses more risks than in style-src. You may consider allowing the inline script of the widget itself using a 'nonce-base64value' token, but Tawk.to's widget utilizes javascript:-navigation, so without 'unsafe-inline' in script-src, you will encounter CSP violations. Try clicking on smile icons and check the browser console for errors.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Discover the magic of triggering events that dynamically alter CSS styles

I am trying to implement an eventBus in the App.vue component that allows me to change a modal's CSS based on a payload object. For example, if I pass { type: 'success' }, the border of the modal should turn green, and if I pass { type: &apo ...

javascriptvue.js

Error in ng-repeat loop: detecting duplicates when none are present

$scope.subjects = [ "Computer Security", "Graphics and Multimedia", "Networks", "Computer Science and Engineering", "Game Design", "Programming", "Information Technology", "Software Engineering", "Technology Manageme ...

javascriptangularjsangularjs-ng-repeat

Unable to locate a contact within the state

Currently, I am diving into the world of React by exploring its documentation and challenging myself to build a small chat application. While I have a good grasp on the basics, I am encountering some issues with states. Within my code, there is an object ...

javascriptreactjsreact-state

What is the reason behind Angular generating files with 'es5' and 'es2015' extensions instead of 'es6' (or no extension)?

Recently, I installed the Angular CLI (@angular/cli 9.0.1). My goal was to create a new Angular Element, package it, and then integrate it into another application. Following several blog tutorials, I found that they all mentioned the final step of creati ...

javascriptangulartypescriptangular-elements

Update object properties in Angular controller dynamically

Take a look at my simple plunker Within the code, I am attempting to link a scope variable to an object property. $scope.name = 'World'; var obj = { "name":$scope.name } $scope.$watch('name', function(){ console.log(obj["name"]); ...

javascriptangularjs

Change the color of a c3js chart when it loads

I have been searching for a way to customize the color of a scatter chart's plot, and I came across an example that uses d3 code within the chart http://jsfiddle.net/ot19Lyt8/9/ onmouseover: function (d) { d3.select(d3.selectAll("circle ...

javascriptjqueryd3.jsc3.js

Creating evenly spaced PHP-generated divs without utilizing flexbox

My goal is to display images randomly from my image file using PHP, which is working fine. However, I am facing an issue with spacing the images evenly to fill the width of my site. This is how it currently appears: https://i.stack.imgur.com/AzKTK.png I ...

javascriptphphtmlcss

Why does the for loop function correctly with console.log but not with innerHTML?

Hello! I'm completely new to JavaScript, so please excuse any oversight... Below is the code that runs when a button on the page is clicked: function getNumbers() { var firstValue = document.getElementById("time_one").value; var ...

javascripthtmlfor-loopinnerhtmlconsole.log

Button react-native press following textInput within scroll view aware of keyboard movements

I'm currently facing an issue where I have a TextInput and a button nested inside a KeyboardAwareScrollView. The goal is for the user to input some text and then tap the button created using TouchableOpacity, which should send the inputted text forwar ...

javascriptandroidiosreactjsreact-native

Struggling to make dynamically created SVG 'use' elements function properly

SVG offers a unique system with symbol and use where icons can be defined once and reused throughout the SVG using use. However, I am having trouble getting it to work from JavaScript. You can view an example on this JSFiddle link. When programmatically ...

javascriptsvg

Navigate to the middle of the visible area

Is there a way to automatically center a div when it is clicked, so that it scrolls to the middle of the browser viewport? I have seen examples using anchor points but I want to find a different solution. Any ideas on how to accomplish this without using ...

javascriptjqueryscrollcenterscrollto

What is the correct method for service injection in Angular 8?

I have encountered an issue while trying to inject a service into my main "App" component. The error message is shown in the screenshot below: constructor(private newsApi: NewsApiService) {} Upon importing the service using the code above, I received the ...

javascriptangularangular-servicesangular8

regex execution and testing exhibiting inconsistent behavior

The regex I am using has some named groups and it seems to match perfectly fine when tested in isolation, but for some reason, it does not work as expected within my running application environment. Below is the regex code that works everywhere except in ...

javascriptnode.jsregextypescript

Removing unnecessary keys from intricate JSON data (with the use of pure JavaScript)

I've experimented with various methods to dynamically parse and remove keys with empty values from a JSON file using JavaScript. Currently, I can successfully delete non-nested keys, except for empty strings that have a length greater than 0. My mai ...

javascriptjson

Can the sliding transition effect used in createMaterialTopTabNavigator be implemented in createMaterialBottomTabNavigator as well?

When using createMaterialTopTabNavigator, the transition from screen to screen involves a sliding effect as you press the tabs. On the other hand, createMaterialBottomTabNavigator uses a fading-in animation for its transitions. Is there a way to combine o ...

javascriptreactjsreact-nativereact-navigation

Wait for the canvas to fully load before locating the base64 data in HTML5

Wait until the full canvas is loaded before finding the base64 of that canvas, rather than relying on a fixed time interval. function make_base(bg_img, width, height) { return new Promise(function(resolve, reject) { base_image = new Image(); base_imag ...

javascripthtmlhtml5-canvas

Input the variant number TypeScript as the key value pair

I'm struggling to input an abi key "5777" in Typescript. When I receive a network ID and try to set it in the networks key, the linter displays an error. My issue is that I need to specify "networkId" and it's not always a fixed value like "5777 ...

javascripttypescriptsmartcontractsweb3jsabi

Removing an item from an ng-repeat loop while also dealing with a FormController within

I am encountering a significant issue with form inputs nested within the ng-repeat directive. I require an input that is an array and can vary in size; allowing users to add or remove parts of the form. Within the ng-repeat directive, there is an ng-form ...

javascriptangularjs

The presence of onChange?: (ValueType, ActionMeta) => void with OptionType is not compatible

After updating to version v2.4.2, I keep encountering an error from flow regarding react-select. It seems that I am passing the correct types to the handle change, which expects an array with objects + OptionType accepting any string [string]: any. Can som ...

javascriptreactjsflowtypereact-select

Personalizing/Concealing Navigation Controls

Looking for a way to customize the Navigation in the Pagination Plugin; changing 'First, Prev, Page 1, Page 2, Next, Last' to 'Prev, Next, Page 1 of 2' The documentation suggests using show_first_last set to false to hide 'First/L ...

javascriptjqueryhtmlcss