We wanted to provide an option for users to specify the domains on which
they can show the website. The rest of the sites shouldn't see the
widget at all.
It's not possible generally through Origin because you can't get Origin
when loading via an iframe. What I've done is add frame ancestors for
the domains specified in allowed domains. I hope this solves most of the
problems.
This is added in a way that it won't affect existing widgets. Only If
they have configured allowed domains, it will start blocking. Otherwise,
it would follow the previous behavior without any changes.
This change supports called wild card domains as well. You can add a
comma‑separated list of domains, either wild card or regular domains.
---
To test, deploy to staging. Call the following API to update the
allowed_domains list.
```
URL: PATCH /api/v1/accounts/<account-id>/inboxes/<inbox-id>
Payload:
{
"channel": { "allowed_domains": "*.chatwoot.dev,chatwoot.com" }
}
```
Fixes https://github.com/chatwoot/chatwoot/issues/1985
This allows a user to add/update a custom regex and a cue while defining custom attributes(Only applicable for type- text).
While adding/editing custom attributes, the values are validated against the attribute definition regex, and if it is incorrect, a cue message or default error message is shown and restricts invalid values from being saved.
Fixes: #6866
* If enabled, enforces user validation with identifier_hash
* Fixes the hmac flag payload
* Adds missing i18n label for checkbox
* If enabled, Adds EOF on json file
* If applied, Handles HMAC Disable option
Co-authored-by: Tejaswini Chile <tejaswini776@gmail.com>
Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>
- Ability to configure line bots as a channel in chatwoot
- Receive a message sent to the line bot in chatwoot
- Ability to reply to line users from chatwoot
fixes: #2738
- Ability to configure telegram bots as a channel in chatwoot
- Receive a message sent to the telegram bot in chatwoot
- Ability to reply to telegram users from chatwoot
- Receive attachment messages in chatwoot
fixes: #1843
POSTGRES_PORT was not taking effect if provided separately
instead of using DATABASE_URL. This adds support for using
databases running on non-standard ports.
#1145#1147
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
* feat: HMAC verification for web widget. Let you verify the authenticated contact via HMAC on the web widget to prevent data tampering.
* Add docs for identity-validation
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
* Chore: Webwidget Inbox Tech Debts
* Additional customization options creating Web Widget
* Changes to edit Page for Web Widget
* Remove the WebWidget API end points
* Minor chores
Address: #680, #502
Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>
* Refactor: Inbox store, remove inboxes from sidebar
* Add a new page for inbox settings
* Show inboxes on sidebar
* Add inbox_members API
* Disable similar-code check
* Fix codeclimate scss issues
* Add widget_color update API and actions
* Add specs for inbox store
* Fix Facebook auth flow
* Fix agent loading, inbox name
* Add annotate gem to the project
* Annotate models, fixtures, factories and model_specs
* Keep annotations only in Models
* Remove unwanted changes in model specs
* Exclude auto_annotate_models from rubocop
