Overview
To enhance the user experience, we offer a "Shared Board" mode within the Salespeak chat widget. Instead of opening links in a new tab, this feature allows us to display links directly within the widget via an iframe. While this is not mandatory, it provides a smoother and more integrated experience for visitors.
To enable this functionality, please whitelist brain.salespeak.ai by updating your security settings as follows.
Steps to Allow brain.salespeak.ai to Iframe Your Domain
1. Update Content Security Policy (CSP)
Modify your server's Content Security Policy (CSP) to include brain.salespeak.ai under the frame-ancestors directive. This allows our domain to embed your content in an iframe.
Example CSP header:
Content-Security-Policy: frame-ancestors 'self' https://brain.salespeak.ai;
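If your CSP is configured in an HTML <meta> tag, update it accordingly:
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'self' https://brain.salespeak.ai;">
Browsers ignore frame-ancestors when the policy is delivered through a <meta> element, so the directive must also be sent in the HTTP response header for it to take effect.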
2. Adjust X-Frame-Options Header
Ensure that the X-Frame-Options header is either not set or explicitly allows brain.salespeak.ai.
Recommended setting:
X-Frame-Options: ALLOW-FROM https://brain.salespeak.ai
Note: The X-Frame-Options header is being phased out in favor of CSP's frame-ancestors directive, and current browsers no longer honor the ALLOW-FROM value. However, if your application still relies on X-Frame-Options, ensure that it does not conflict with the CSP settings.
Implementation Considerations
- If you use a Content Delivery Network (CDN) or a Web Application Firewall (WAF), ensure that these security settings are also applied there.
- Test the integration by embedding a sample iframe pointing to your domain from brain.salespeak.ai.
- Review your existing security policies to confirm that these changes do not introduce vulnerabilities.
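Before the iframe test, the headers your site actually returns can be checked against the rules above. The following is an added example, not Salespeak code: the function names and the sample response are constructed for illustration, and source matching is simplified (ports and paths are ignored).

```python
from urllib.parse import urlsplit

EMBEDDER = "https://brain.salespeak.ai"  # embedding origin named on this page

def source_matches(source, origin):
    """Simplified frame-ancestors source match (ports and paths are ignored)."""
    o, src = urlsplit(origin), source.lower()
    if src == "*":
        return True
    if src.startswith("'"):              # 'self' / 'none' never match a third party
        return False
    if src.endswith(":") and "/" not in src:   # scheme-source such as https:
        return src[:-1] == o.scheme
    s = urlsplit(src if "://" in src else f"{o.scheme}://{src}")
    want = s.hostname or ""
    if want.startswith("*."):            # wildcard covers subdomains only
        host_ok = o.hostname.endswith(want[1:])
    else:
        host_ok = o.hostname == want
    return s.scheme == o.scheme and host_ok

def framing_allowed(headers, embedder=EMBEDDER):
    """headers: (name, value) pairs of one response. Returns (allowed, reason)."""
    policies, xfo = [], []
    for name, value in headers:
        if name.lower() == "content-security-policy":
            for policy in value.split(","):          # a header may carry several policies
                for directive in policy.split(";"):
                    tokens = directive.split()
                    if tokens and tokens[0].lower() == "frame-ancestors":
                        policies.append(tokens[1:])
                        break                        # first occurrence wins
        elif name.lower() == "x-frame-options":
            xfo += [v.strip().upper() for v in value.split(",")]
    if policies:                                     # frame-ancestors present: XFO is ignored
        for sources in policies:                     # every policy must allow the embedder
            if not any(source_matches(s, embedder) for s in sources):
                return False, "blocked by frame-ancestors " + (" ".join(sources) or "(empty)")
        return True, "allowed by frame-ancestors"
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return False, "blocked by X-Frame-Options"
    if any(v.startswith("ALLOW-FROM") for v in xfo):
        return True, "ALLOW-FROM is ignored by current browsers; add frame-ancestors"
    return True, "no framing restriction sent"

# Constructed sample response: CSP allows the embedder, stale X-Frame-Options remains.
SAMPLE = [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self' https://brain.salespeak.ai;"),
          ("X-Frame-Options", "SAMEORIGIN")]

if __name__ == "__main__":
    print(framing_allowed(SAMPLE))
```

Run it on the headers returned by your public URL, so that anything a CDN or WAF adds or strips is included in the result.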
If you have any issues implementing these changes, please reach out to our support team for assistance.