Full disclosure - I do not consider myself a CSP guru!
With that said, I think there are scenarios where it would be ideal to whitelist the domain, and other scenarios where it’s better to target the individual scripts. I’m pretty sure it depends on how many scripts you find you need to whitelist, whether you trust the source, etc. I’ll add a note to the guide that mentions that you can use the domain as a cover-all if needed.
The settings in the provided screenshots definitely were a little overkill, but I imagine that was just an attempt to cover everything since nothing was working.
I just tried adding Pure Chat to my test site as an experiment. I could get it working on Chrome using a hash, but it wasn’t enough for Safari and Firefox. I ran it by Penar and this does appear to be one of those unfortunate situations that will requrire 'unsafe-inline' as mentioned in:
@BishopV I think your only option if you choose to stay with Pure Chat is to remove all of the entries you have in that setting and add 'unsafe-inline' at the cost of security.
Have you considered using HubSpot chat integration instead? That appears to play very well with our CSP policy.