We’re implementing a Content-Security-Policy (CSP) for a SaaS. What’s your opinion of putting the entire Intercom component into an variable-size IFrame?
Then we can insert the IFrame into the site, set all user parameters in the IFrame and resize it when needed. That allows us to set a different CSP for the IFrame & the main app.
Are there any technical reasons against the Messenger in an IFrame (other than not being the official way)?
I’ve seen the recommendation for a CSP. But we’d really like to avoid ‘strict-dynamic’ at all cost, as well as a very lengthy host list.