Yura Kril

Hi Tipene Hughes,

Taras Velychko provided you with all the examples of how to easily reproduce this issue, and it is reproducible not only for us. Why is there no response from you and your team on this matter?

Hi Destiny,

Thank you for your response. I admit, this is not what I expected. However, in the interests of fairness, I would like you to change your documentation on this page: https://developer.zendesk.com/documentation/classic-web-widget-sdks/web-widget/integrating-with-google/csp/, as it is inaccurate and leads to wasted time for companies that want to comply with CSP.

Thank you for your understanding.

Hi Destiny,

Thank you for your response.

We are using the recommended setup (add the nonce attribute to the Web Widget snippet) from your documentation. However, if we do not add 'unsafe-inline' to style-src, the CSS styles do not load on the page and the chat does not display properly. You can easily reproduce this on your own Zendesk instance.

Chat view: 

Console:

All previous participants in this thread have described the problem in detail, but as I can see, you have not responded in any way in 3 years.

Thank you, and I hope one of your engineers will check and fix the problem.

We are having issues with the Content Security Policy (CSP) directive "style-src 'self' 'nonce-xxxxxxxxxxxxxxxxx'". This directive is preventing us from loading stylesheets from Zendesk chat, which is causing problems with the chat functionality.

We have been using the unsafe-inline option as a workaround, but this is not a good long-term solution. We would appreciate it if you could investigate this issue and provide a fix.