FAQ

Package Variants

Why are there separate packages now?

To ensure optimal performance and meet security requirements for different deployment environments, the SDK is now distributed in separate packages. This architectural change ensures that the appropriate build variant is determined at installation time, providing the right optimizations for each environment.

Which package should I use?

Development Package (gbgplc-smartcapture-web-development-vX.Y.Z.tgz): Use for local development, debugging, and automated testing. DevTools and debugging capabilities are fully enabled.
Production Package (gbgplc-smartcapture-web-production-vX.Y.Z.tgz): Required for all production deployments. Includes production optimizations and compliance features.
CSP-Compatible Package (gbgplc-smartcapture-web-csp-compatible-vX.Y.Z.tgz): Required for production environments that enforce Content Security Policy (CSP) headers. See the CSP Integration Guide for configuration requirements.

What happens if I accidentally deploy the development package to production?

The SDK will function normally, but you'll miss important production optimizations:

Production-specific optimizations will not be applied
DevTools will remain enabled
Compliance features may not be fully active

Always use the production package for production deployments. If you accidentally deployed the development package, redeploy with the production package immediately.

How do I verify which package I'm using?

Check your project's package.json file under the dependencies section. The filename will indicate the package variant:

gbgplc-smartcapture-web-development-vX.Y.Z.tgz = Development package
gbgplc-smartcapture-web-production-vX.Y.Z.tgz = Production package
gbgplc-smartcapture-web-csp-compatible-vX.Y.Z.tgz = CSP-Compatible package

Can I switch between packages without code changes?

Yes, with one exception. The component API is identical across all packages. Simply:

Update which .tgz file is referenced in your package.json
Run npm install
Rebuild your application

Exception — switching to the CSP-Compatible package: In addition to the steps above, the CSP-Compatible package requires two extra setup steps that the other packages do not: copying the idlive-capture folder to your public directory and adding a <script> tag to your HTML. See the CSP Integration Guide for details.

Can I use the development package in staging environments?

Yes, but we strongly recommend using the production package in staging to match production behavior exactly. This ensures your testing environment mirrors production as closely as possible.

Use the development package only for:

Local development
Debugging issues
Automated testing that requires DevTools access

Content Security Policy (CSP)

What is Content Security Policy (CSP)?

Content Security Policy (CSP) is a security standard that helps prevent Cross-Site Scripting (XSS) attacks and other code injection attacks. It works by restricting the sources from which content can be loaded and executed on a web page.

Do I need the CSP-Compatible package?

You need the CSP-Compatible package if your application:

Enforces CSP headers in production
Has security requirements that prohibit 'unsafe-eval' or 'unsafe-inline' directives
Must comply with strict security policies (e.g., PCI-DSS, HIPAA, or enterprise security standards)

If your application doesn't use CSP headers, use the standard Production Package instead.

What CSP directives does the SDK require?

The CSP-Compatible package requires specific directives to function. See the complete CSP Integration Guide for:

Required CSP directives and their purposes
Security implications of each directive
Example nginx/Apache configurations

Can I use the standard Production package with CSP?

The standard Production package may not work with strict CSP policies because it contains optimizations that require 'unsafe-eval'. If you enforce CSP in production, always use the CSP-Compatible package.

How do I test if my CSP configuration is correct?

Use Content-Security-Policy-Report-Only header initially to monitor violations without blocking
Test all camera functionality (document capture, face capture)
Once no violations are reported, switch to enforcing mode with Content-Security-Policy header

General Questions

Whose responsibility is it to make sure 3rd party dependencies are free from vulnerabilities?

We want to clarify that while we provide our SmartCapture WebSDK with a vetted set of dependencies, customers have the discretion to extend functionality by introducing additional dependencies or using other versions that meet their specific requirements. This is beyond the control of GBG Plc, and we advise customers to conduct their own checks on any new dependencies introduced and take appropriate actions to manage any issues discovered.

Which file formats are supported for integration?

The SDK is distributed as a .zip file containing a .tar package. After extraction, you can install the .tar package locally as an NPM dependency.

Which module systems are supported?

We support all modern ESModules. This ensures compatibility with the latest JavaScript module standards that enable seamless integration in environments that support ESModules. The SDK currently targets ES6 and higher.

How do I handle updates to the SDK?

Download the latest version of the gbgplc-smartcapture-web-vX.Y.Z.zip file and follow the installation steps to replace the existing .tar package in your project.

What are the minimum supported versions for the SDK in each of the platforms?

Browser versions:
Chrome desktop: v103
Chrome (Android): v112
Safari desktop: v15.1
Safari (iOS): v15.0
Edge: v103
Firefox desktop: v103
Firefox (Android): v110
OS requirements:
iOS: 14 and later
Android: 11 and later

I cannot get the tar file when I directly unzip the SDK file, what should I do?

It must be done through the terminal, please read through this page in documentation (link to the homepage of the documentation) this page in documentation:

What should I do if I encounter installation issues?

Ensure you are using the correct password to extract the gbgplc-smartcapture-web-vX.Y.Z.zip file. For installation issues, verify that your environment supports local dependencies installed from .tar files.

How do I capture the back side of a document with the Document Camera Component?

To capture the back side of a document, set the isOpen property of the LiveDocumentCamera back to true. This will reinitialize the camera and allow for capturing the document's reverse side.

Note:
In all references to vX.Y.Z, this represents the version number of the SDK you are integrating. For example, v1.2.3 would indicate version 1.2.3 of the SDK.

Package Variants​

Why are there separate packages now?​

Which package should I use?​

What happens if I accidentally deploy the development package to production?​

How do I verify which package I'm using?​

Can I switch between packages without code changes?​

Can I use the development package in staging environments?​

Content Security Policy (CSP)​

What is Content Security Policy (CSP)?​

Do I need the CSP-Compatible package?​

What CSP directives does the SDK require?​

Can I use the standard Production package with CSP?​

How do I test if my CSP configuration is correct?​

General Questions​

Whose responsibility is it to make sure 3rd party dependencies are free from vulnerabilities?​

Which file formats are supported for integration?​

Which module systems are supported?​

How do I handle updates to the SDK?​

What are the minimum supported versions for the SDK in each of the platforms?​

I cannot get the tar file when I directly unzip the SDK file, what should I do?​

What should I do if I encounter installation issues?​

How do I capture the back side of a document with the Document Camera Component?​