Ui componentsCustomization guides

Content Security Policy

Configure CSP for Inkeep's UI components.

Allowlisting request endpoints

If your app or website has a strict Content Security Policy, you may need to allowlist the following domains:

https://api.inkeep.com
https://api.io.inkeep.com

Alternatively, you can set up a proxy instead using the chatApiProxyDomain and analyticsApiProxyDomain, see here for more details.

Allowlisting the script source

If you are loading the widget via a JS Snippet you may also need to allowlist:

https://cdn.jsdelivr.net or https://uikit.inkeep.com

Self hosting the JS file

If you would like to host the JS file yourself, you can do so by downloading the file from here and hosting it on your own server.

Navigate here
Right click and save as inkeep-cxkit-{version}.js, you can find the version of the package here
Add the file to your project
Replace the url in the script tag with the path to your file:

<!-- this assumes the inkeep-cxkit-{version}.js file is in the root of your project  -->
<script type="module" src="./inkeep-cxkit-{version}.js" defer></script>

Note that if you need to update the package version, you will need to download the new version and replace the file in your project and update the script tag accordingly.

Filter or scope down sources available to the assistant API keys for Public Assistants

On this page

Allowlisting request endpoints

Allowlisting the script source

Self hosting the JS file