CSP: allowing form submissions to Typeform via Intercom integration | Community
Skip to main content
Answered

CSP: allowing form submissions to Typeform via Intercom integration

J

We are attempting to use the typeform-intercom integration to gather user feedback. For some reason our CSP is blocking the form submissions to typeform and I cannot figure out why. I have updated the form-action entry in the CSP to include `*.intercom-integration.typeform.com/`, but yet it is still being blocked. Has anyone else run into tis issue? Has anyone been able to update their CSP to correctly allow this form submission?

 

The error we are getting:

Refused to send form data to 'https://intercom-integration.typeform.com/intercom/renderForm?form_url=https://eva368832.typeform.com/to/Ur2MA5&sheet_title=Request%20a%20new%20ingredient&form_id=Ur2MA5' because it violates the following Content Security Policy directive: "form-action 'self' *.intercom-integration.typeform.com/ *.intercomcdn.com/".

Refused to send form data to 'https://intercom-integration.typeform.com/intercom/renderForm?form_url=https://eva368832.typeform.com/to/Ur2MA5&sheet_title=Request%20a%20new%20ingredient&form_id=Ur2MA5' because it violates the following Content Security Policy directive: "form-action 'self' *.intercom-integration.typeform.com/ *.intercomcdn.com/".
 

Best answer by mathio-tf

I see the message says:

Refused to send form data to 'https: //intercom-integration.typeform.com/intercom/renderForm?form url=http...m.com/to/Ur2MA5&sheet title=Req uest%20a820new%20ingredient&form id=Ur2MA5' because it violates the following Content Security Policy directive: "form-action 'self'".

 

This looks like the domain https://intercom-integration.typeform.com/  is not in your CSP header.

However I have also noticed in your first post you mentioned adding this domain to your CSP headers: *.intercom-integration.typeform.com/

Can you try with https://intercom-integration.typeform.com/ since there is no leading dot in the URL.

View original
S
Muhammad Gulzar
2 people like this
  • S
    sajid
  • Muhammad Gulzar
    Muhammad Gulzar

9 replies

Grace
Community Team
Forum|alt.badge.img+5
  • Grace
  • Community Advocate
  • 2606 replies
  • May 16, 2023

Hey @juliabuckley thanks for stopping by and sharing this, just wondering if maybe @mathio or @picsoung might know the answer 🤔

If cauliflower can become pizza, you my friend can do anything
mathio-tf
Typeform
Forum|alt.badge.img+5
  • mathio-tf
  • Typeform
  • 888 replies
  • May 16, 2023

Hi @juliabuckley, I am sorry but I have no experience with this integration.

However I fount this CSP docs on form-action and it says some browser might block redirects after form submissions. Could this be the case? In case you are experiencing the issue in Chrome, can you please check with Firefox to rule this out?

Grace
1 person likes this
  • Grace
    Grace
J

This is the integration we are using: https://www.typeform.com/blog/news/intercom-integration/

 

I don’t believe it has to do with a redirect, because we are just loading the form and not sending the user out of our application at all, and the CSP warning is saying it is refusing to load the form. I tried in Safari and had the same issue there, unfortunately. It is super confusing because I believe I should just be able to add `intercom-integration.typeform` to the allowed source list in the form-action directive of the CSP and it should work.  So I guess I am just grasping t straws and hoping someone has advice 

Liz
Community Team
Forum|alt.badge.img+5
  • Liz
  • Tech Community Advocate
  • 14905 replies
  • May 16, 2023

Hi @juliabuckley Could you share the URL where you have Typeform/Intercom so we can take a look? I haven’t seen this either, but it might be helpful to see the form within Intercom live, if possible. 

Life is a series of awkward moments separated by snacks.
J

Unfortunately you won’t be able to access the page without an account. But here is a screenshot of how we are using intercom in our application. When the user clicks on the “Get Started” button a form from typeform is supposed to load within this little intercom embed. What actually happens is it loads a blank white view.  Not sure if this is helpful or not?

 

 

This is what I see in the console:

 

mathio-tf
Typeform
Forum|alt.badge.img+5
  • mathio-tf
  • Typeform
  • 888 replies
  • Answer
  • May 16, 2023

I see the message says:

Refused to send form data to 'https: //intercom-integration.typeform.com/intercom/renderForm?form url=http...m.com/to/Ur2MA5&sheet title=Req uest%20a820new%20ingredient&form id=Ur2MA5' because it violates the following Content Security Policy directive: "form-action 'self'".

 

This looks like the domain https://intercom-integration.typeform.com/  is not in your CSP header.

However I have also noticed in your first post you mentioned adding this domain to your CSP headers: *.intercom-integration.typeform.com/

Can you try with https://intercom-integration.typeform.com/ since there is no leading dot in the URL.

Liz
Grace
J
3 people like this
  • Liz
    Liz
  • Grace
    Grace
  • J
    juliabuckley
J

I was able to resolve the issue by setting the form-action directive as follows:

'form-action': https://intercom-integration.typeform.com/intercom/ 'self'

For some reason leaving out the https:// was not successful

mathio-tf
1 person likes this
  • mathio-tf
    mathio-tf
J

@mathio Thanks! Yes I clearly was messing that up, thanks for pointing out =)

Liz
mathio-tf
Grace
3 people like this
  • Liz
    Liz
  • mathio-tf
    mathio-tf
  • Grace
    Grace
mathio-tf
Typeform
Forum|alt.badge.img+5
  • mathio-tf
  • Typeform
  • 888 replies
  • May 16, 2023

I think using *.intercom-integration.typeform.com/ expects to be there another value separated by dot before - eg. something.intercom-integration.typeform.com/ which is not the case. Using value intercom-integration.typeform.com/ might work as well, but I dont think you need to support other than https protocol.

Happy to help. Sometimes all you need is a second pair of eyes 😃 Happens to everybody.

Liz
Grace
J
3 people like this
  • Liz
    Liz
  • Grace
    Grace
  • J
    juliabuckley

Reply


Still need help?

Don't be shy and ask the community.

Ask your question here!
Community T&Cs