diff --git a/app/models/dashboard_app.rb b/app/models/dashboard_app.rb
index 7316dd344..e8a7edd4c 100644
--- a/app/models/dashboard_app.rb
+++ b/app/models/dashboard_app.rb
@@ -33,9 +33,12 @@ class DashboardApp < ApplicationRecord
         'required' => %w[url type],
         'properties' => {
           'type' => { 'enum': ['frame'] },
-          'url' => { :type => 'string', 'format' => 'uri' }
+          'url' => { '$ref' => '#/definitions/saneUrl' }
         }
       },
+      'definitions' => {
+        'saneUrl' => { 'format' => 'uri', 'pattern' => '^https?://' }
+      },
       'additionalProperties' => false,
       'minItems' => 1
     }
diff --git a/spec/controllers/api/v1/accounts/dashboard_apps_controller_spec.rb b/spec/controllers/api/v1/accounts/dashboard_apps_controller_spec.rb
index e545b0e35..100f914bb 100644
--- a/spec/controllers/api/v1/accounts/dashboard_apps_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/dashboard_apps_controller_spec.rb
@@ -55,8 +55,12 @@ RSpec.describe 'DashboardAppsController', type: :request do
 
   describe 'POST /api/v1/accounts/{account.id}/dashboard_apps' do
     let(:payload) { { dashboard_app: { title: 'CRM Dashboard', content: [{ type: 'frame', url: 'https://link.com' }] } } }
+    let(:no_ssl_payload) { { dashboard_app: { title: 'CRM Dashboard', content: [{ type: 'frame', url: 'http://link.com' }] } } }
     let(:invalid_type_payload) { { dashboard_app: { title: 'CRM Dashboard', content: [{ type: 'dda', url: 'https://link.com' }] } } }
     let(:invalid_url_payload) { { dashboard_app: { title: 'CRM Dashboard', content: [{ type: 'frame', url: 'com' }] } } }
+    let(:non_http_url_payload) do
+      { dashboard_app: { title: 'CRM Dashboard', content: [{ type: 'frame', url: 'ftp://wontwork.chatwoot.com/hello-world' }] } }
+    end
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
@@ -82,6 +86,19 @@ RSpec.describe 'DashboardAppsController', type: :request do
         expect(json_response['content'][0]['type']).to eq payload[:dashboard_app][:content][0][:type]
       end
 
+      it 'creates the dashboard app even if the URL does not have SSL' do
+        expect do
+          post "/api/v1/accounts/#{account.id}/dashboard_apps", headers: user.create_new_auth_token,
+                                                                params: no_ssl_payload
+        end.to change(DashboardApp, :count).by(1)
+
+        expect(response).to have_http_status(:success)
+        json_response = response.parsed_body
+        expect(json_response['title']).to eq 'CRM Dashboard'
+        expect(json_response['content'][0]['link']).to eq payload[:dashboard_app][:content][0][:link]
+        expect(json_response['content'][0]['type']).to eq payload[:dashboard_app][:content][0][:type]
+      end
+
       it 'does not create the dashboard app if invalid URL' do
         expect do
           post "/api/v1/accounts/#{account.id}/dashboard_apps", headers: user.create_new_auth_token,
@@ -93,6 +110,17 @@ RSpec.describe 'DashboardAppsController', type: :request do
         expect(json_response['message']).to eq 'Content : Invalid data'
       end
 
+      it 'does not create the dashboard app if non HTTP URL' do
+        expect do
+          post "/api/v1/accounts/#{account.id}/dashboard_apps", headers: user.create_new_auth_token,
+                                                                params: non_http_url_payload
+        end.not_to change(DashboardApp, :count)
+
+        expect(response).to have_http_status(:unprocessable_entity)
+        json_response = response.parsed_body
+        expect(json_response['message']).to eq 'Content : Invalid data'
+      end
+
       it 'does not create the dashboard app if invalid type' do
         expect do
           post "/api/v1/accounts/#{account.id}/dashboard_apps", headers: user.create_new_auth_token,