Loading
Salesforce now sends email only from verified domains. Read More
Explore Legacy Service Features
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Add Your Website to the CORS Allowlist

            You are here:

            1. Salesforce Help
            2. Docs
            3. Legacy Service Features

            Add Your Website to the CORS Allowlist

            Add the URLs of the web pages where you intend to add the chat window to the CORS allowlist in your org. The web page where you add the chat window is the page that customers use to access chat.

            Required Editions

            View supported editions.
            User Permissions Needed
            To set up Embedded Chat: Customize Application AND Modify Metadata
            Important
            Important

            Legacy Chat will be retired on February 14, 2026. To avoid service interruptions to your end users, switch to enhanced Chat (formerly Messaging for In-App and Web). Enhanced Chat offers many of the legacy Chat features that you love plus asynchronous conversations that can be picked back up at any time. Learn about migrating in Help and Trailhead.

            You can use HTTP and HTTPS domains with Embedded Chat. The protocol for the URL that you allowlist must match the URL in the website or Experience site endpoint in the code snippet that’s generated at the end of Embedded Service setup.

            Important
            Important This information applies to Embedded Service only.
            1. From Setup, enter CORS in the Quick Find box, then select CORS.
            2. Select New.
            3. Enter an origin URL pattern.
              The origin URL pattern must include the HTTP or HTTPS protocol and a domain name. The origin URL pattern can include a port. The wildcard character (*) is supported and must be in front of a second-level domain name. For example, https://*.example.com adds all subdomains of example.com to the allowlist.
              The origin URL pattern can be an IP address. However, an IP address and a domain that resolve to the same address are not the same origin, and you must add them to the CORS allowlist as separate entries.
             
            Loading
            Salesforce Help | Article