We are using the Intercom helpcenter and in the “header” section of the helpcenter, we added a link to a place where customers can login. Aim is that after a succesful login, the visitor creates conversations in the messenger as authenticated (JWT) users.
Our problem now is that all the links in the helpcenter have:
Target attribute with value “_blank”
And rel attributes with value “noopener noreferrer”
Is there a way to change this? Reason: I want to use the referer as a callback redirect url after succesful login. By instructing the browser not to add the referer, I cannot do this.
Best answer by Dara K
Hey @Rogier Lommers
This is how the Intercom Help Center currently behaves.
What’s going on
The Help Center renderer forces header/footer links to open with target="_blank" and rel="noopener noreferrer".
noopener and noreferrer are added for security (to prevent tab-napping and limit cross-origin leakage).
Because of noreferrer, the browser does not send the Referer header to your login page, so you can’t reliably use Referer as the post-login redirect target.
This behaviour is not configurable in the Help Center today – you can’t turn off _blank or remove noopener noreferrer just for that login link.
What to do instead: You’ll need to adjust your login / redirect flow so it doesn’t depend on the HTTP Referer from the Help Center. Typical options:
Use an explicit redirect parameter
Change the header link to something like: https://your-app.com/login?redirect=/help-center
On your side, read the redirect param after login and send the user back to the correct page.
Use an OAuth-style state / redirect mechanism
Link to a fixed login entry point (e.g. /login-start), and include any context you need (locale, brand, etc.) as query params.
After authentication, your app uses those params to decide where to send the user, instead of relying on Referer.
If you really must derive the destination dynamically
Instead of Referer, design the flow so the Help Center page itself encodes where to go (via query / hash) in the URL you link to, and your app reads that.
This is how the Intercom Help Center currently behaves.
What’s going on
The Help Center renderer forces header/footer links to open with target="_blank" and rel="noopener noreferrer".
noopener and noreferrer are added for security (to prevent tab-napping and limit cross-origin leakage).
Because of noreferrer, the browser does not send the Referer header to your login page, so you can’t reliably use Referer as the post-login redirect target.
This behaviour is not configurable in the Help Center today – you can’t turn off _blank or remove noopener noreferrer just for that login link.
What to do instead: You’ll need to adjust your login / redirect flow so it doesn’t depend on the HTTP Referer from the Help Center. Typical options:
Use an explicit redirect parameter
Change the header link to something like: https://your-app.com/login?redirect=/help-center
On your side, read the redirect param after login and send the user back to the correct page.
Use an OAuth-style state / redirect mechanism
Link to a fixed login entry point (e.g. /login-start), and include any context you need (locale, brand, etc.) as query params.
After authentication, your app uses those params to decide where to send the user, instead of relying on Referer.
If you really must derive the destination dynamically
Instead of Referer, design the flow so the Help Center page itself encodes where to go (via query / hash) in the URL you link to, and your app reads that.
