This article provides details on configuring the content security policy (CSP) for Freshdesk portal layout customization. CSP is a security layer that protects your Freshdesk portal from attacks.

To configure CSP:

  1. Log in to Freshdesk as admin.

  2. If you have a Classic and Mint Theme (portal v1), go to Admin > Portals >Customize portals and select Layout & pages.

  3. Under Head, enter the content security policy syntax.; style-src; frame-src; connect-src" />

    For portal Classic and Mint Theme, add 'unsafe-eval' in script & style source.

    Example: * https://* 'unsafe-inline'; connect-src https://* https://*" /> 

  4. If you have a Marina theme (portal v2), go to Admin > Portals > Customize and select Edit theme.

  5. Click on the Pages tab. 

  6. Under Head, enter the content security policy syntax.

  7.; style-src; frame-src; connect-src" />

  8. After making the changes, Save and Publish.

You can check if the CSP layer is reflected in your portal by checking the sources. To find the sources on the portal, right-click anywhere on the portal and select Inspect > Select Elements tab.

List of default sources:
Along with default sources, add the sources based on your customizations to avoid disruptions in the flow.

Script source: "* * 
https://* 'unsafe-inline'"
font source: "* * data:"
style source: "* * https://* 'unsafe-inline'"
connect source: "https://* https://*"
frame source: "https:"
image source: "https: data: blob:"

Note: For accounts with cname domains, add the domain name in all the source tags. Ex: image source: "https: data: blob: "