Ui componentsCustomization guides

Content Security Policy

Configure CSP for Inkeep's UI components.

Allowlisting request endpoints

If your app or website has a strict Content Security Policy, you may need to allowlist the following domains:

  • https://api.inkeep.com
  • https://api.io.inkeep.com

Alternatively, you can set up a proxy instead using the chatApiProxyDomain and analyticsApiProxyDomain, see here for more details.

Allowlisting the script source

If you are loading the widget via a JS Snippet you may also need to allowlist:

  • https://cdn.jsdelivr.net or https://uikit.inkeep.com

Self hosting the JS file

If you would like to host the JS file yourself, you can do so by downloading the file from here and hosting it on your own server.

  1. Navigate here
  2. Right click and save as inkeep-cxkit-{version}.js, you can find the version of the package here
  3. Add the file to your project
  4. Replace the url in the script tag with the path to your file:
<!-- this assumes the inkeep-cxkit-{version}.js file is in the root of your project  -->
<script type="module" src="./inkeep-cxkit-{version}.js" defer></script>
  1. Note that if you need to update the package version, you will need to download the new version and replace the file in your project and update the script tag accordingly.

On this page