The Mavenoid assistant requires several resources hosted on mavenoid.com and a few other domains. If your website is using a content security policy (CSP), you will need to ensure that policy allows the required resources.
How to tell if this is a problem
If your website's content security policy blocks a Mavenoid resource, the assistant may not load or may look incorrect. You will see an error like this in the developer console:
Content Security Policy: The page's settings blocked the loading of a resource at https://app.mavenoid.com/static/js/21.8eafcd6b.chunk.js ("default-src").
The exact URL and text in parentheses may differ.
How to fix it
Be careful adding new directives. Work with your development and security teams to determine the correct set of directives to use.
For each of the following fetch directives, if your site is using a restrictive policy you will need to add the listed values.
connect-src *.mavenoid.com *.mavenoidfiles.com wss://*.twilio.com *.sentry.io api.segment.io edge.fullstory.com rs.fullstory.com font-src *.mavenoid.com use.fontawesome.com img-src *.mavenoid.com *.mavenoidfiles.com script-src *.mavenoid.com cdn.segment.com/analytics.js edge.fullstory.com fullstory.com style-src use.fontawesome.com *.mavenoid.com media-src *.mavenoidfiles.com mediastream:
For example, if your content security policy is set to the following:
Content-Security-Policy: default-src *; script-src *.example.com
We recommend updating it to the following:
Content-Security-Policy: default-src *; script-src *.example.com *.mavenoid.com cdn.segment.com/analytics.js edge.fullstory.com fullstory.com
If your flows include embedded videos
If your flows include embedded YouTube or Vimeo videos, your site will also need to allow the use of frames embedding content from those sites. If your site is using a policy including the
frame-src fetch directive, you will need to allow
*.vimeo.com for that directive depending which site you are embedding from.
If the policy restricts by scheme
If your website's policy restricts by scheme, ensure that
blob: is allowed for any