Skip to main content
Answered

How can I resolve CSP (Content Security Policy) issues with Intercom?

  • September 16, 2021
  • 4 replies
  • 738 views

Trying to use intercom URL in iFrame, facing the error which says "ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' "

 

Need a solution to overcome this issue. Kindly help us to resolve this

Best answer by Roy

Hello @user779​ ,

 

Please take a look at the following article:

https://www.intercom.com/help/en/articles/3894-using-intercom-with-content-security-policy/p>

 

Best,

Roy

View original
Did this topic help you find an answer to your question?

4 replies

Forum|alt.badge.img+5
  • Expert User
  • 1152 replies
  • Answer
  • September 20, 2021

Hello @user779​ ,

 

Please take a look at the following article:

https://www.intercom.com/help/en/articles/3894-using-intercom-with-content-security-policy/p>

 

Best,

Roy


  • Author
  • New Participant
  • 1 reply
  • September 22, 2021

@roy s11​  I have tried all the ways that have been provided in the link. But no luck. I am still facing the same error. Is there any other way that can be helped with.


  • New Participant
  • 3 replies
  • December 16, 2021

Hey @user779​ (cc @roy s11​) — did you manage to get this sorted? I'm facing a similar issue. I'm using a nonce with script-src and style-src, and have tried both approaches of whitelisting all the domains in that help article, and the other approach of using 'strict-dynamic', but the messenger still doesn't load.

 

One of the issues seems to be with this line:

n.setAttribute('style', 'position: absolute !important; opacity: 0 !important; width: 1px !important; height: 1px !important; top: 0 !important; left: 0 !important; border: none !important; display: block !important; z-index: -1 !important; pointer-events: none;'),

There are a number of others. Any ideas?


Forum|alt.badge.img

@Roy ​@Brendan K ​@User779 

We are experiencing issues (popping up in penetration test reports) with the unsafe-inline CSP for styles. Currently there is no solution for that. If this is also relevant for you: I created an item on the Product Wishlist for this; 
please upvote (and/or add your thoughts): 

https://community.intercom.com/ideas/enhanced-csp-compliance-eliminating-unsafe-inline-requirements-8877

​Thanks!


Did this topic help you find an answer to your question?

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings