
We would need to add Content Security Policy to our application. I saw this article on Intercom Help. There it is stated to use 'unsafe-inline', but I am wondering if there is a way not to use it, since we would like to avoid that in our policy?

Hey @stefan m​, 👋 thanks for reaching out! I'm one of the Support Engineers here @ Intercom! 👍

 

Currently 'unsafe-inline' is required for various aspects of Intercom to work properly. If you choose not to include one or some of the policies listed in that article you have looked at, then Intercom will potentially not function correctly.

 

You definitely aren't the first to reach out about our CSP so I will make sure to flag this with our Product team so they are aware of it. I hope this clarifies.



For regulatory compliance, I have to ask, why are styles loaded this way? Is there any way to create an acceptable CSP policy that does not use “unsafe-inline”? Allowing the addition of a nonce to the generated styles would be one way.


@Chris van der Loo we were discussing the same thing here: 

 I now created an item on the Product Wishlist for this CSP/unsafe-inline issue.
Please upvote (and/or add your thoughts): 

 


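An added example, not part of the thread and not Intercom's code: a small checker for what a policy's `style-src` or `script-src` really permits for inline content. It shows the point the nonce suggestion above turns on: once a nonce or hash source is listed, browsers ignore 'unsafe-inline' in that directive, so every inline style would have to carry the nonce. The policies and the nonce value are constructed sample input.

```javascript
// Added example: every policy string below is constructed sample input.

// Split a Content-Security-Policy header into directive -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

const NONCE_OR_HASH = /^'(nonce|sha256|sha384|sha512)-[A-Za-z0-9+\/_=-]+'$/i;

// Classify inline handling for "style-src" or "script-src":
//   "all-inline"         any inline block is allowed
//   "nonce-or-hash-only" only inline blocks with a matching nonce/hash
//   "no-inline"          inline blocks are refused
function inlineStatus(header, directive) {
  const parsed = parseCsp(header);
  // Both directives fall back to default-src when absent.
  const sources = parsed.get(directive) ?? parsed.get("default-src");
  if (sources === undefined) return "all-inline"; // nothing restricts it
  // A nonce or hash source makes the browser ignore 'unsafe-inline'.
  if (sources.some((s) => NONCE_OR_HASH.test(s))) return "nonce-or-hash-only";
  const unsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  return unsafeInline ? "all-inline" : "no-inline";
}

// Constructed policies: relaxed, nonce added next to 'unsafe-inline', strict.
const relaxed = "default-src 'self'; style-src 'self' 'unsafe-inline'";
const mixed =
  "default-src 'self'; style-src 'self' 'unsafe-inline' 'nonce-Y29uc3RydWN0ZWQ='";
const strict = "default-src 'self'";

for (const [label, policy] of [["relaxed", relaxed], ["mixed", mixed], ["strict", strict]]) {
  console.log(label, "style-src:", inlineStatus(policy, "style-src"),
    "| script-src:", inlineStatus(policy, "script-src"));
}
```

A "nonce-or-hash-only" result for a policy that also lists 'unsafe-inline' means the keyword only serves as a fallback for browsers that do not support nonces or hashes.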