Plans supporting addition of widget
| Professional | Business | Enterprise |
|---|---|---|
Content Security Policy (CSP) is a security feature that helps prevent attacks like Cross-Site Scripting (XSS) by allowing developers to specify which sources of content are trusted and can be loaded by the browser.
Whitelisting in software products involves specifying a list of approved entities (e.g., IP addresses, domains, email addresses) that are allowed to access certain resources or perform specific actions, thereby blocking any entities not on the list to enhance security.
Adding trusted content sources for the Document360 widget
When using the Document360 widget, certain trusted content sources need to be added to your existing CSP. This ensures that the widget functions correctly and securely.
For US users
Add the following sources to your connect-src, script-src-elem, font-src, and style-src-elem directives:
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Security-Policy" content="
connect-src
https://jx9o5re9su-dsn.algolia.net
https://apihub.us.document360.io/
https://api.us.document360.io/
https://gateway.us.document360.io
https://*.algolianet.com
https://js.monitor.azure.com;
script-src-elem
'nonce-document360Nonce'
https://cdn.us.document360.io
https://*.algolianet.com
https://cdn.jsdelivr.net
https://cdnjs.cloudflare.com
https://floik.com/exe/
*.floik.com;
font-src
https://fonts.gstatic.com
https://cdn.us.document360.io;
style-src-elem
'unsafe-inline'
'unsafe-eval'
https://cdn.us.document360.io/
https://cdn.jsdelivr.net
https://fonts.googleapis.com;">
</head>
</html>Replace "document360Nonce" with the nonce variable already available in your system.
For EU users
Add the following sources to your connect-src, script-src-elem, font-src, and style-src-elem directives:
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Security-Policy" content="
connect-src
https://jx9o5re9su-dsn.algolia.net
https://apihub.document360.io/
https://api.document360.io/
https://gateway.document360.io
https://*.algolianet.com
https://js.monitor.azure.com;
script-src-elem
'nonce-document360Nonce'
https://cdn.document360.io
https://*.algolianet.com
https://cdn.jsdelivr.net
https://cdnjs.cloudflare.com
https://floik.com/exe/
*.floik.com;
font-src
https://fonts.gstatic.com
https://cdn.document360.io;
style-src-elem
'unsafe-inline'
'unsafe-eval'
https://cdn.document360.io/
https://cdn.jsdelivr.net
https://fonts.googleapis.com;">
</head>
</html>Replace "document360Nonce" with the nonce variable already available in your system.
Updating your widget configuration
In your knowledge base portal:
Go to Widget () on the left navigation sidebar.
Select the required widget and click Edit ().
In the Configure and connect tab, expand the Widget JavaScript accordion under the Connection group.
For US customers
Update your code as follows, replacing "document360Nonce" with the nonce variable already available in your system:
<!-- Document360 knowledge base assistant start -->
<script nonce="document360Nonce">
(function (w,d,s,o,f,js,fjs) {
w['JS-Widget']=o;w[o] = w[o] || function () { (w[o].q = w[o].q || []).push(arguments) };
js = d.createElement(s), fjs = d.getElementsByTagName(s)[0];
js.id = o; js.src = f; js.async = 1; fjs.parentNode.insertBefore(js, fjs);
}(panel, document, 'script', 'mw', './widget.js'));
mw('init', { nonce:'document360Nonce',apiKey: 'klhgeGoqB8wlUwq2hraJ1zbOCq/V+wBiyGQNhXEKQ6MO7V1AhLuakiEimM6ims92AR7Bqt/eOaAz3SgInMvZTkZrt3F7QaEmWtX7DDDTtIJTruZdyIv+bDBTKVuPx4BsVUavm68/y4HV7h0ahKmDgQ==' });
//var jQuery_2_2_4 = $.noConflict(true);
</script>
<!-- Document360 knowledge base assistant end -->For EU customers
Update your code as follows, replacing "document360Nonce" with the nonce variable already available in your system:
<!-- Document360 knowledge base assistant start -->
<script nonce="document360Nonce">
(function (w,d,s,o,f,js,fjs) {
w['JS-Widget']=o;w[o] = w[o] || function () { (w[o].q = w[o].q || []).push(arguments) };
js = d.createElement(s), fjs = d.getElementsByTagName(s)[0];
js.id = o; js.src = f; js.async = 1; fjs.parentNode.insertBefore(js, fjs);
}(panel, document, 'script', 'mw', './widget.js'));
mw('init', { nonce:'document360Nonce',apiKey: 'klhgeGoqB8wlUwq2hraJ1zbOCq/V+wBiyGQNhXEKQ6MO7V1AhLuakiEimM6ims92AR7Bqt/eOaAz3SgInMvZTkZrt3F7QaEmWtX7DDDTtIJTruZdyIv+bDBTKVuPx4BsVUavm68/y4HV7h0ahKmDgQ==' });
//var jQuery_2_2_4 = $.noConflict(true);
</script>
<!-- Document360 knowledge base assistant end -->By following these steps, you can ensure that the Document360 widget operates securely and efficiently in your environment.
Troubleshooting
Unable to view certain content on the site
Error: This content is blocked. Contact the site owner to fix this issue
You might encounter this issue when the CSP settings in the Knowledge Base portal block the requested content. It typically happens due to restrictions on file source URLs or incorrect CSP configurations.
Steps to resolve:
Update the Content Security Policy:
a. Navigate to Settings () in the left navigation bar in the Knowledge base portal.
b. In the left navigation pane, navigate to Users & security > Security.
c. Under the Content Security Policy section, add the affected domain URL to the Source field to whitelist the required file source URLs.
If you do not wish to enable this feature, toggle off the Content Security Policy option.
Clear your browser cache: After making changes, clear your browser cache and revisit the site to verify if the issue is resolved. It may take a few moments for the updated settings to take effect.
Test the article in different environments:
a. Open the article in an incognito panel.
b. Test it across different browsers to confirm the issue is fixed.
Review KB widget settings: Ensure the application’s CSP settings are correctly configured to prevent errors in the Knowledge Base widget.
If the issue persists after following these steps, please contact the Document360 support team for further assistance: Contact Document360 Support
Provide the following details:
a. To verify whether the CSP has been applied correctly, open the Network tab in your browser’s Developer tools.
b. Share the details of the response headers to confirm the presence and configuration of the CSP.
FAQ
Why is the scroll bar not showing up on the Knowledge base widget?
The issue may be related to your application’s CSP rules. If your domain is not whitelisted in your CSP, it can prevent the scroll functionality from working properly. To resolve this issue, add the domain URL to your application’s CSP.