hey I am trying to load a custom sheet from AWS Lambda, but all it currently returns is
<p>Your browser doesn't support iframe :(</p>.
I read the CSP part of the documentation and thought https would be enough as I didn’t set any CSP headers, but unfortunately it didn’t seem to work. It’s now unclear what I should set in the headers I return. Current try :
'Access-Control-Allow-Origin': 'https://api-iam.intercom.io/messenger/web/ping',` 'Access-Control-Allow-Credentials': true, 'X-Frame-Options': "ALLOW-FROM https://s3.amazonaws.com/ https://js.intercomcdn.com/" 'Content-Security-Policy': "script-src 'self' https://s3.amazonaws.com/ https://js.intercomcdn.com/",
Could you provide me with an example of valid headers?
Also, from the moment I started tweaking headers, I haven’t been able to access to chat messenger apart from incognito mode. The error might be related :
Failed to load https://api-iam.intercom.io/messenger/web/ping: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'https://www.mysite.xyz' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.