I installed a free live chat from tawk.to. The problem (besides they not having a customer support for this script) is - it produces '400 Bad Request' error when it connects to the tawk.to servers. I added the below codes to .htaccess to allow different origins, but they don't work - the 400 error still appears. I don't know what else should be done.
I tried these in .htaccess without success:
SetEnvIf Origin "^(.*\.tawk\.to)$" ORIGIN_SUB_DOMAIN=$1
Header set Access-Control-Allow-Origin "%{ORIGIN_SUB_DOMAIN}e" env=ORIGIN_SUB_DOMAIN
Access-Control-Allow-Origin: *.tawk.to
The response header (assuming I put this script on EXAMPLE.com):
Accepttext/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encodinggzip, deflate, brAccept-Languageen-US,en;q=0.5Cache-Controlno-cacheConnectionkeep-alive, UpgradeCookie__tawkuuid=e::tawk.to::CZ4miEdTw+LJy27l6cezd/vgJ1Go/uVCmU/4mrr+WIe5uNur3LjRp6TAhWSTCS83::2; __cfduid=d8cf244362c2ead0f846b52cd84058bd31488522157DNT1
Host vs51.tawk.to
Origin https://EXAMPLE.com
Pragmano-cacheSec-WebSocket-Extensionspermessage-deflateSec-WebSocket-KeyBPkRsxjD+iWVmfb3LV8zpA==Sec-WebSocket-Version13UpgradewebsocketUser-AgentMozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
The Error Response:
GET https://vs51.tawk.to/s/ [HTTP/1.1 400 Bad Request 162ms]
Here is an example Javascript from tawk.to (note it contains the 'crossorigin"* attribute but it still produces the error):
<!--Start of Tawkto (example)-->
<script>
var Tawk_API=Tawk_API||{}, Tawk_LoadStart=new Date();
(function(){
var s1=document.createElement("script"),s0=document.getElementsByTagName("script")[0];
s1.async=true;
s1.src='https://embed.tawk.to/0111111111/default';
s1.charset='UTF-8';
s1.setAttribute('crossorigin','*');
s0.parentNode.insertBefore(s1,s0);
})();
</script>
<!--End of Tawkto-->
Update - contacting support@tawk.to doesn't work (no response). But I did more research - I found a few sites that use tawk.to chat and the 400 Bad Request error appears on these sites too.. so it must be something inherent/buggy to tawk.to script which for now is not resolved and all their customers are affected.