Product Manager · Linear · Posted 7 days ago
Trying to embed the Jarvis widget on a subdomain (support.mysite.com). Console shows a CORS error even though I added the domain to Allowed Origins in the tenant settings. Works fine on the apex mysite.com.
Senior Engineer
Common gotcha. Allowed Origins is an exact-match list, not a wildcard. You need to add both:
If you're hoping for https://*.mysite.com - that's not supported on any plan right now. API Gateway can't return a wildcard Access-Control-Allow-Origin when AllowCredentials is on, which the widget session endpoints require. The long-term fix on the Jarvis side is to move the embed endpoints to a Lambda Function URL (which does support wildcard CORS), but it hasn't shipped yet. For now, enumerate each subdomain you need.
Product Manager · Linear
That was it. Added the subdomain explicitly, working now. Is the wildcard limitation documented somewhere? Would've saved me an hour.
Developer Advocate · DeskClone AI
Fair feedback, we'll add it to the Embed Widget docs this week.