Top
What are the trusted Whatfix domains to whitelist?
  • 29 Oct 2024
  • 1 Minute To Read
  • Dark
    Light
  • PDF

What are the trusted Whatfix domains to whitelist?

  • Dark
    Light
  • PDF

Article summary

If your organization uses a firewall to restrict network access to only specific websites or software, then you need to whitelist the following domains to ensure that your app can communicate with Whatfix and fetch content for your end users to view.

Also, if your organization has a Content Security Policy (CSP) in place to block external code insertions, it could prevent Whatfix from working on your app.

To prevent this from happening and to resolve CSP violation errors, the following domains must be added as an exception (Whitelisted) as part of the application's CSP headers. For more information, see Content Security Policy Reference.

CSP directives to whitelist for all data centers:

The following subdomains need to be whitelisted under all three CSP directives, that is, frame-src, connect-src, and script-src:

Your title goes here
If you cannot whitelist the subdomains, use the following URL patterns to ensure that your app can communicate with Whatfix:

Non-EU data centres:
  • https://cdn.whatfix.com/prod/*
  • https://whatfix.com/service/*

EU data centres:

  • https://eucdn.whatfix.com/prod/*
  • https://eu.whatfix.com/service/*
Your title goes here
  • Both https://whatfix.com and https://cdn.whatfix.com use Port 443, which is the port for the HTTPS Protocol. 
  • Depending on the deployment model, you need to whitelist only the necessary directives.
Info:

The following domains also need to be whitelisted if you have configured Google Analytics for your account:

Whitelist Google Analytics (GA) domains only if you have GA configured for your account.
Deployment ModelCSP DirectivesDomain/value
Export (Content on the same server)connect-src *whatfix.com
style-srcunsafe-inline
img-srcdata:
font-src
*.whatfix.com
Export (Content fetched from a different domain server)connect-src*whatfix.com
script-src *.<domain>, <domain>
frame-src
style-src unsafe-inline
img-srcdata:
font-src
*.whatfix.com
CDNconnect-src*.whatfix.com
script-src
*.whatfix.com

frame-src
style-srcunsafe-inline
img-src data:
font-src
*.whatfix.com



Note
  • Your IT Admin can help whitelist the domains mentioned.
  • If you are using any video or image links in your Whatfix content, then you need to whitelist those domains as well. For example, if you embed a YouTube video in a Pop-up, you need to whitelist youtube.com.

When do domains need whitelisting?

Whatfix recommends whitelisting the domains as soon as you start creating content on Whatfix. This way, content creators will not have any issues previewing and testing the content.

IP addresses to Whitelist

To ensure that Whatfix can access your organization's resources for crawling knowledge base content and integrations, you need to whitelist the certain IP addresses. For a list of all the IP addresses you need to whitelist, see IP Ranges.

Note
IP addresses are the same for all users.

Best Practices

Ensure that you have applied the policy to every page. This must include error pages as well.




Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.