Skip to main content
Answered

How can I resolve CSP (Content Security Policy) issues with Intercom?

  • 16 September 2021
  • 4 replies
  • 730 views

Trying to use intercom URL in iFrame, facing the error which says "ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' "

 

Need a solution to overcome this issue. Kindly help us to resolve this

Best answer by Roy

Hello @user779​ ,

 

Please take a look at the following article:

https://www.intercom.com/help/en/articles/3894-using-intercom-with-content-security-policy/p>

 

Best,

Roy

View original
Did this topic help you find an answer to your question?

4 replies

Forum|alt.badge.img+5
  • Expert User
  • 1152 replies
  • Answer
  • September 20, 2021

Hello @user779​ ,

 

Please take a look at the following article:

https://www.intercom.com/help/en/articles/3894-using-intercom-with-content-security-policy/p>

 

Best,

Roy


  • Author
  • New Participant
  • 1 reply
  • September 22, 2021

@roy s11​  I have tried all the ways that have been provided in the link. But no luck. I am still facing the same error. Is there any other way that can be helped with.


  • New Participant
  • 3 replies
  • December 16, 2021

Hey @user779​ (cc @roy s11​) — did you manage to get this sorted? I'm facing a similar issue. I'm using a nonce with script-src and style-src, and have tried both approaches of whitelisting all the domains in that help article, and the other approach of using 'strict-dynamic', but the messenger still doesn't load.

 

One of the issues seems to be with this line:

n.setAttribute('style', 'position: absolute !important; opacity: 0 !important; width: 1px !important; height: 1px !important; top: 0 !important; left: 0 !important; border: none !important; display: block !important; z-index: -1 !important; pointer-events: none;'),

There are a number of others. Any ideas?


Forum|alt.badge.img

@Roy ​@Brendan K ​@User779 

We are experiencing issues (popping up in penetration test reports) with the unsafe-inline CSP for styles. Currently there is no solution for that. If this is also relevant for you: I created an item on the Product Wishlist for this; 
please upvote (and/or add your thoughts): 

https://community.intercom.com/ideas/enhanced-csp-compliance-eliminating-unsafe-inline-requirements-8877

​Thanks!


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings