How to Insert Blip Desk into Your Website? November 21, 2024 17:07 Updated Index: Introduction What is Content Security Policy (CSP) and why is it important? What are the necessary steps to get Content Security Policy (CSP) clearance? Frequently Asked Questions (FAQ) Introduction Currently, at Blip, our clients can embed Blip Desk within their page via iframe or add it to a CRM with their own or third-party integrations. This means the client can access the Desk using a more familiar address and within their own domain, as shown in the example below: Homepage of a Page with Blip Desk Integrated Using iframe However, for this integration to work correctly, it is first necessary to go through the process of Content Security Policy (CSP) clearance. What is Content Security Policy (CSP) and why is it important? Content Security Policy (CSP) is a security tool that allows us to specify which content sources are trusted to be loaded on a web page, controlling scripts, styles, images, and helping to prevent attacks like Cross-Site Scripting (XSS). To give you an idea of how this attack works, see the image below. Invasion Process via Cross-Site Scripting (XSS) For this reason, we understand the importance of having this security trigger in place to protect our page, brand, and customers against these attacks. What are the necessary steps to get Content Security Policy (CSP) clearance? Step 1Open a Support Ticket - To begin the process, it is essential to open a support ticket with our team via the link https://support.blip.ai/hc/en-us. In this ticket, specify the URLs where you want Blip Desk to be embedded. If you want Blip Desk to be cleared for testing environments such as HMG, Staging, or QA, it is also important to provide those URLs so they can be properly authorized. - In our example, we will embed the URL https://cliente.dominio.com.br. Step 2Embed Blip Desk with iFrame - After receiving confirmation from the support team that the URLs have been cleared, you can embed Blip Desk on your page using the iFrame tag in HTML. Feel free to adjust the position, size, and other settings as needed. See the example below. Step 3Verify the clearance - When rendering a page inside an iframe, the browser checks if the URL is authorized by the Content Security Policy (CSP) and functions normally. Possible error If the URL is not on the list of authorized URLs, the browser will display a blocking message similar to the image below. The blocking message and some limitations may vary from one browser to another, so it is necessary to evaluate each case individually. However, the clearance process will always remain the same, as described in this article. Note: Always use your contract URL to access Blip Desk, never the default URL https://desk.blip.ai. Step 4Done! After configuring correctly, the homepage will be ready for use. If errors persist or if you need a different configuration, consult our Frequently Asked Questions (FAQ) section. If your questions are still unresolved, feel free to open a new support ticket so our team can assist you: https://support.blip.ai/hc/en-us. We are always ready to help! Frequently Asked Questions (FAQ) 1. What do clients using federation (SSO) with Blip need to do?Clients using federation must carry out an internal process to authorize the CSP in their respective Lightweight Directory Access Protocol (LDAP), such as Azure AD. The URLs to be authorized are the same as those provided earlier.This process is necessary not because of Blip, but to ensure the security protection that Content Security Policy (CSP) provides. An alternative is to log in to Blip in one tab and then open the address where Blip Desk is embedded in a second tab. However, this solution may not work in all browsers. 2. Can I log in to Blip using my Google account?No, logging in via Google is not possible because Google itself will block the rendering of the page due to the lack of Content Security Policy (CSP) clearance. 3. What should I know about logging in using incognito tabs?Logging in using incognito tabs may fail in some browsers due to restrictions on the use of third-party cookies in the user's settings. 4. I’m having trouble opening PDF files inside the Desk in CRM Dynamics. What’s happening?Currently, we are investigating an issue related to opening PDF files within the Desk when embedded in CRM Dynamics, and we are working on a solution. For more information, visit the discussion on this topic in our community or the videos on our channel. 😃 Related articles Analytics Features of the Blip Chat Widget Technical Data & Other Definitions - STILINGUE Active Messages - Error Codes Blip Desk Overview