Hi, I have gone through the documentation provided on the Cognigy site on embedding the Webchat Widget on websites.
For example, in order to embed a trial endpoint in a website, all I have to do is add the script below. The endpoint URL and token differ based on the organization (endpoint.abc.com).
<script src="https://github.com/Cognigy/WebchatWidget/releases/download/v2.20.0/webchat.js"></script>
<!-- Initialize the Webchat towards a Cognigy Endpoint via initWebchat() -->
And if someone/an attacker uses this script and the endpoint details in another web application, they can also spin up the whole Chat Widget and establish a connection to our Cognigy AI instances, bypassing the whole authentication mechanism.
How can we restrict this? Is there any authentication/tracking mechanism I can place before executing the flow to check that the request is coming from my site and not from an attacker?