I’m currently developing a chatbot using RASA. Now we want to include the chatbot in our website using socket.io
The guy from the website team asks me to set in socket.io’s Content Security Policy Header the default-src or connect-src value, since he get following error:
xyz.js:1 Refused to connect to ‘http://$OUR_URL$/socket.io/?EIO=3&transport=polling&t=MoAsBla’ because it violates the following Content Security Policy directive: “default-src https: http://localhost”. Note that ‘connect-src’ was not explicitly set, so ‘default-src’ is used as a fallback.
When opening the website on a local server on localhost it works. It don’t works when the website is deployed to a server.
However I don’t find where I can set it.
Can anybody help? Thanks!