Mavenoid help center

Mavenoid help center

  • Admin
  • Flows
  • Agent dashboard

›How-to guides

Get started

  • Intro to administration
  • Tutorial - Quick start

Learn more

  • Understand organisations
  • Understand the assistant
  • Understand deep links
  • Understand preanswered key/values
  • Understand analytics
  • Understand help desk integration
  • Understand SSO integration

How-to guides

  • Create an account
  • Change your password
  • Contact support
  • Manage your team
  • Manage agent groups
  • Customize the assistant's appearance
  • Add the assistant to your website
  • Add the assistant to your mobile app
  • Add the assistant to your emails
  • Work with deep links
  • Work with preanswered key/values
  • Manage saved replies for use in live support
  • Integrate with Zendesk
  • Allow Mavenoid resources in your site's content security policy (CSP)

Reference

  • Roles and permissions
  • Assistant embed API
  • Assistant link parameters
  • Glossary of terms

Allow Mavenoid resources in your site's content security policy (CSP)

The Mavenoid assistant requires several resources hosted on mavenoid.com and a few other domains. If your website is using a content security policy (CSP), you will need to ensure that policy allows the required resources.

How to tell if this is a problem

If your website's content security policy blocks a Mavenoid resource, the assistant may not load or may look incorrect. You will see an error like this in the developer console:

Content Security Policy: The page's settings blocked the loading of a resource at https://app.mavenoid.com/static/js/21.8eafcd6b.chunk.js ("default-src").

The exact URL and text in parentheses may differ.

How to fix it

Be careful adding new directives. Work with your development and security teams to determine the correct set of directives to use.

For each of the following fetch directives, if your site is using a restrictive policy you will need to add the listed values.

connect-src *.mavenoid.com *.mavenoidfiles.com wss://*.twilio.com *.sentry.io
font-src *.mavenoid.com
img-src *.mavenoid.com *.mavenoidfiles.com
script-src *.mavenoid.com
style-src *.mavenoid.com
media-src *.mavenoidfiles.com mediastream:

For example, if your content security policy is set to the following:

Content-Security-Policy: default-src *; script-src *.example.com

We recommend updating it to the following:

Content-Security-Policy: default-src *; script-src *.example.com *.mavenoid.com

What each domain is used for

mavenoid.com

Serves the scripts that power the Mavenoid assistant, as well as some of the font, image, and style resources it uses.

If this domain is blocked, the assistant will not load at all.

mavenoidfiles.com

Serves any image assets or PDF documents embedded in a flow, any files uploaded by the user in a form, and any images or files shared in live support chat.

If this domain is blocked, none of these will display in the assistant.

twilio.com

Used in live support to connect agents and end users.

If this domain is blocked, live support won't work.

sentry.io

Detects and reports front-end errors.

If this domain is blocked, errors will not be reported automatically and will be harder to track and solve.

If your flows include embedded videos

If your flows include embedded YouTube or Vimeo videos, your site will also need to allow the use of frames embedding content from those sites. If your site is using a policy including the frame-src fetch directive, you will need to allow *.youtube.com and/or *.vimeo.com for that directive depending which site you are embedding from.

If the policy restricts by scheme

If your website's policy restricts by scheme, ensure that blob: is allowed for any script-src, worker-src, or img-src directives.

Last updated on 1/31/2023
← Integrate with ZendeskRoles and permissions →
  • How to tell if this is a problem
  • How to fix it
    • What each domain is used for
    • If your flows include embedded videos
    • If the policy restricts by scheme
Help center
AdminFlowsAgent dashboard
Product
Self-serviceLive supportWhy Mavenoid?PricingGet a demoTry it free
Learn
Customer storiesBlogWebinarsHelp centerROI calculator
Company
About usCareersPressContact us
© Mavenoid AB 2023 • Privacy policy