How to Add Trusted Domains to Your Chat Widget in Bold Agent
Trusted domains allow you to control where the chat widget is allowed to appear. By adding trusted domains, you can restrict widget embedding to approved websites and prevent unauthorized usage.
This article explains how to add trusted domains for the chat widget in Bold Agent.
Prerequisites
- An Agent is created and published.
- You have the domain or subdomain details where the chat widget will be embedded.
Steps to Add Trusted Domains
- Log in to Bold Agent.
- Open Agent Builder and select the required agent.
- Navigate to Channels > Widget.
- Click the Preference tab.
- Enable the Trusted Domains option.
- Enter the domain or subdomain where the chat widget is allowed to load.
- Click Add domain, if additional domains required.
- Click Save.
Add Subdomains
You can add subdomains based on your requirement.
Add a Specific Subdomain
Use this option to allow the chat widget only on a specific subdomain.
support.example.com
Allow All Subdomains
Use an asterisk (*) to allow the chat widget on all subdomains of a domain.
*.example.com
https://*.example.com
Use Appropriate Domain Patterns
Bold Agent supports exact domain matching, wildcard domains, and URL path–based patterns. Use the appropriate format based on your access requirement.
| Domain Pattern | Access Rule |
|---|---|
| example.boldagent.ai | Exact domain match (supports both HTTP and HTTPS) |
| https://example.boldagent.ai | HTTPS-only match |
| *.boldagent.ai | Allows all subdomains of boldagent.ai |
| *.boldagent.ai/sales | Allows all subdomains with the /sales path |
| example.boldagent.ai/sales* | Allows URLs starting with /sales, including subpaths |
| example.boldagent.ai/sales | Allows only the exact /sales path |
Add Trusted Domain for iframe Embed Source
When embedding the chat widget using an iframe, the iframe source domain must be explicitly added to the Trusted Domains list.
If the iframe source domain is not authorized, the widget will not load inside the iframe.
When is this required?
You must add the iframe source domain if:
- The widget is embedded using an
<iframe>instead of direct script injection. - The iframe
srcpoints to Bold Agent widget infrastructure. - The widget does not render due to unauthorized or blocked iframe embedding.
Example iframe code
<!-- Replace {WIDGET-ID} with your actual widget ID -->
<iframe
src="https://yourdomain.com/widgetscript-api/v1/widgets/{WIDGET_ID}/iframe"
allow="microphone"
width="100%"
style="height:100%; min-height:700px"
frameborder="0">
</iframe>
In this example, the iframe source domain is:
https://yourdomain.com
This domain must be added to the Trusted Domains list.
How to add the iframe source domain
Follow these steps:
- Open the required agent in Agent Builder.
- In the left panel, select Widget.
- Open the required Chat Widget.
- Go to the Preference tab.
- Under Trusted Domains, turn on the toggle.
- Add the iframe source domain used in the
srcattribute. - Click Add domain.
- Click Save.
Example entries
- yourdomain.com
- https://yourdomain.com
- *.yourdomain.com
Notes
- If trusted domains are enabled and no domain is added, the chat widget will not load on any website.
- Ensure that domain entries are accurate and properly formatted.
- Refresh the webpage after updating trusted domains for the changes to take effect.
- Adding only the parent website domain where the iframe is embedded is not sufficient.
- The iframe source domain itself must be trusted.
- Use wildcard domains carefully to avoid allowing unauthorized embeds.
- The widget will load inside the iframe only after the iframe source domain is authorized.
