-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User Identity Validation isn’t filtering out the unverified users/messages as expected #9493
Comments
@gabediazm In my case, when I choose "Enforce User Identity Validation" I start to receive the error at console (below).
|
@fabr2004 Tested and not getting any error in console: |
@gabediazm |
@gabediazm |
@fabr2004 Im using |
There is a newer version, 3.9.0, but this issue does also occur at this newer version (I'm currently using it, |
The current behavior of enforced identity validation is over the setUser call alone. When mandatory HMAC is enabled, user attributes can’t be set from the frontend without the HMAC token. The recommendation is not to include the Chatwoot widget JavaScript on non-authenticated pages if you want to avoid the chats. We will look into making this configurable. |
Describe the bug
I am using the Chatwoot widget on my website hosted in my server. Despite enabling Identity validation using HMAC as per the Chatwoot Guide, I am encountering an issue where messages from unverified users still appear in my inbox. Verified users are working as expected, but the validation does not seem to prevent unverified users' messages from being displayed.
To Reproduce
Copy the Chatwoot widget script:
Navigate to: Account Settings -> Inboxes -> [Inbox Name] -> Configuration -> Messenger Script
Copy the provided widget script.
Launch your website with the imported widget:
Expected behavior
Messages from unverified users should not appear in the inbox. Only messages from users who have been successfully verified through HMAC identity validation should be visible.
Environment
Other [please specify in the description]
Cloud Provider
None
Platform
Browser
Operating system
No response
Browser and version
No response
Docker (if applicable)
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: