Skip to main content
Question

How to integrate intercom with CSP nonce-value


Im generating a nonce-value on my CSP Header using netlify, and while Im seeing in my CSP header that the nonce-value is set, when inspecting the HTML, intercoms script tag does not contain the nonce value. 

Can someone provide some insight into how to get intercom to initialize with the CSP Headers nonce value, or is that not possible? 

2 replies

Diogo Silva
Innovator ✨
Forum|alt.badge.img+2
  • Innovator ✨
  • 26 replies
  • February 20, 2025

Hello ​@Will Wedmedyk 
From my understanding, to initialize Intercom with the CSP header nonce value in Netlify, you need to ensure you are using Google's CSPv3 and including nonce sources for the scripts loaded by Messenger, something like this:
• Use Google's strict CSP policy:
Content-Security-Policy:
  object-src 'none';
  script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;
  base-uri 'self';
• Include nonce fonts for Messenger scripts.
• If you need help with handling nonces, see Google's tutorial on CSP.
If you cannot use CSPv2 or v3 features, consider using origin allowlisting with the relevant directives for Intercom.

I hope this helps you :)


  • Author
  • New Participant
  • 2 replies
  • February 20, 2025

Yes i saw that in the article about integrating intercom with a CSP. The issue is that i do have the nonce present in my CSP, but its not being included in the intercom <script> tag when i look at the HTML. I was under the impression that this would work out of the box, but is there some configuration option im missing to have this populated on the script and styles tags? 


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings