Ali Mohammed
ServiceNow Employee
ServiceNow Employee

The Issue

Encountering an error message in Engagement Messenger when launched on a customer's website

find_real_file.png

Underlying Root cause 

There are multiple reasons for this error:

  • The server adds an HTTP header in the response that says the website content cannot be launched in an iframe within another website. 
  • The response contains some HTTP header parameters that violate some security policy 
  • network issues and probably many more that are beyond the scope of this little article for engagement messenger

The error for me was caused by security policy violation #2. Looking at the error messages in the JS console confirmed it. 

Chrome Dev Tools Error Message is
"Refused to frame 'https://xxxxxxxxx.service-now.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' frame-ancestors teams.microsoft.com *.teams.microsoft.com"."

EM HTTP Response Header's default setting for Content-Security-Policy matched the error message.


find_real_file.png

find_real_file.png 

Resolution

Deactivate this setting and create a new setting as per the EM setup instructions.  

Once the default setting was deactivated, the EM worked like a charm!

Comments
Kevin Clark1
Tera Contributor

If you've landed here from Search like I did and you're having problems with CORS rules, there's also a system property that might need to be set to include your external site's domain - com.glide.cs.embed.csp_frame_ancestors.  This was causing us some problems with similar error messages.  Doco which helped us can be found here: https://www.servicenow.com/docs/bundle/yokohama-customer-service-management/page/product/customer-se...

 

Version history
Last update:
‎09-03-2022 12:43 PM
Updated by: