1

I’m using Magento 2.4.8 and getting CSP (Content Security Policy) errors. Because of these errors, our ClickDesk chat functionality is not working.

To fix this issue:

I created a custom plugin (app/code/Vendor/CspAllowClickdesk/etc/csp_whitelist.xml) but it is not working.

We also tried the We M.Academy plugin for CSP allowlist, but that didn’t work either.

I even contacted ClickDesk support, but no luck so far.

<?xml version="1.0"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
 <policies>
 <policy id="default-src">
 <values>
 <value id="www.oursitedomain.com" type="host">www.oursitedomain.com</value>
 <value id="bat.bing.com" type="host">bat.bing.com</value>
 <value id="www.google.com" type="host">www.google.com</value>
 <value id="play.google.com" type="host">play.google.com</value>
 <value id="app.omniconvert.com" type="host">app.omniconvert.com</value>
 <value id="google.com" type="host">google.com</value>
 </values>
 </policy>
 <policy id="script-src">
 <values>
 
 <value id="clickdesk" type="host">https://*.clickdesk.com</value>
 <value id="clickdesk-cdn" type="host">https://cdn.clickdesk.com</value>
 </values>
 </policy>
 <policy id="style-src">
 <values>
 <value id="www.oursitedomain.com" type="host">www.oursitedomain.com</value>
 </values>
 </policy>
 <policy id="img-src">
 <values>
 
 <value id="clickdesk" type="host">https://*.clickdesk.com</value>
 </values>
 </policy>
 <policy id="font-src">
 <values>
 <value id="www.oursitedomain.com" type="host">www.oursitedomain.com</value>
 </values>
 </policy>
 <policy id="connect-src">
 <values>
 
 <value id="clickdesk" type="host">https://*.clickdesk.com</value>
 </values>
 </policy>
 <policy id="frame-src">
 <values>
 <value id="www.google.com" type="host">www.google.com</value>
 <value id="www.googletagmanager.com" type="host">www.googletagmanager.com</value>
 </values>
 </policy>
 </policies>
</csp_whitelist>
hakre
200k55 gold badges454 silver badges868 bronze badges
asked Sep 10, 2025 at 11:01
2
  • 2
    I can see a difference between the clickdesk entries and all the other ones... have you tried it without the protocol? Commented Sep 10, 2025 at 11:17
  • Additionally to what has been commented, add the error message you're facing in text-form won't hurt instead of just "is not working". Feel free to edit it after the first paragraph or similar. Commented Sep 11, 2025 at 4:23

0

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.