Question

CSP require-trusted-types-for 'script' header issue

  • March 17, 2025
  • 1 reply
  • 6 views

Hi team,

We're implementing the require-trusted-types-for 'script'; header in our app and have set up a default Trusted Types policy. However, the Intercom widget script fails on the following line:

e.documentElement.innerHTML = t,
with
Uncaught TypeError: Failed to set the 'innerHTML' property on 'Element': This document requires 'TrustedHTML' assignment.
 

Has anyone encountered this issue before? Any suggestions on how to work around it while keeping Trusted Types enforcement?

Thanks!


 

1 reply

Nathan Sudds
Expert User ✨
  • Top Expert
  • 311 replies
  • March 19, 2025

@nikosp I’m wondering if you’ve looked at the details in the article about Using Intercom with CSP. This seems like it should help identify the Intercom domains as safe, but I'm not sure if it resolves the innerHTML issue.

If not, please report back here so the Intercom team can have a look into the issue further. 

I did see others having this issue with other frameworks and apps using innerHTML. There may be ways around it, but potentially those are not as safe, so hopefully this solution from Intercom will help, or they can update it with more info for Trusted Types as well.

Hope this helps!
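
A default Trusted Types policy of the kind the question mentions, as an added example that is not part of the original posts and not Intercom's code: its createHTML sends every plain-string innerHTML assignment through a sanitizer rather than passing it through unchanged. The function names, the injected sanitizer and the origin are assumptions for illustration.

```javascript
// Added example: not Intercom's code and not the poster's policy.
// Assumptions: `sanitize` is an HTML sanitizer you already trust
// (DOMPurify.sanitize is one real option); the origins are placeholders.
function buildDefaultPolicyRules({ sanitize, allowedScriptOrigins, baseUrl, onRewrite }) {
  const allowed = new Set(allowedScriptOrigins);
  return {
    // The browser calls the default policy as (value, typeName, sink)
    // whenever a plain string reaches a sink, e.g. "Element innerHTML".
    createHTML(input, typeName, sink) {
      const clean = String(sanitize(input));
      // Record every rewrite so you can see which sinks third-party code hits.
      if (clean !== input && onRewrite) {
        onRewrite({ sink, before: input.length, after: clean.length });
      }
      return clean;
    },
    // Returning null tells the browser to reject the assignment.
    createScriptURL(input) {
      let url;
      try { url = new URL(input, baseUrl); } catch { return null; }
      return allowed.has(url.origin) ? url.href : null;
    },
    // Never turn strings into code (eval, script text) via the fallback.
    createScript() { return null; },
  };
}

// Policies are registered per window object, so the target window is a
// parameter. Only one policy named 'default' may exist per window.
function installDefaultPolicy(win, rules) {
  const tt = win.trustedTypes;
  if (!tt || typeof tt.createPolicy !== 'function') return null; // no Trusted Types support
  if (tt.defaultPolicy) return tt.defaultPolicy;                 // already installed
  return tt.createPolicy('default', rules);
}

// Browser usage (assumes DOMPurify is loaded on the page):
// installDefaultPolicy(window, buildDefaultPolicyRules({
//   sanitize: (html) => DOMPurify.sanitize(html),
//   allowedScriptOrigins: ['https://widget.example'], // placeholder origin
//   baseUrl: document.baseURI,
//   onRewrite: (e) => console.warn('TT default policy rewrote HTML', e),
// }));
```

The onRewrite callback gives a record of which sinks third-party code reaches and whether the sanitizer changed anything.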

