Trying to use intercom URL in iFrame, facing the error which says "ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' "
Need a solution to overcome this issue. Kindly help us to resolve this
Page 1 / 1
Hello @user779 ,
Please take a look at the following article:
https://www.intercom.com/help/en/articles/3894-using-intercom-with-content-security-policy/p>
Best,
Roy
@roy s11 I have tried all the ways that have been provided in the link. But no luck. I am still facing the same error. Is there any other way that can be helped with.
Hey @user779 (cc @roy s11) — did you manage to get this sorted? I'm facing a similar issue. I'm using a nonce with script-src and style-src, and have tried both approaches of whitelisting all the domains in that help article, and the other approach of using 'strict-dynamic', but the messenger still doesn't load.
One of the issues seems to be with this line:
n.setAttribute('style', 'position: absolute !important; opacity: 0 !important; width: 1px !important; height: 1px !important; top: 0 !important; left: 0 !important; border: none !important; display: block !important; z-index: -1 !important; pointer-events: none;'),There are a number of others. Any ideas?
We are experiencing issues (popping up in penetration test reports) with the unsafe-inline CSP for styles. Currently there is no solution for that. If this is also relevant for you: I created an item on the Product Wishlist for this;
please upvote (and/or add your thoughts):
https://community.intercom.com/ideas/enhanced-csp-compliance-eliminating-unsafe-inline-requirements-8877
Thanks!
Reply
Join the Intercom Community 🎉
Already have an account? Login
Login to the community
No account yet? Create an account
Intercom Customers and Employees
Log in with SSOor
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.