Cohere
Cohere
Home
Security
Pricing
Dashboard
Quick Start
Identifying Users
Privacy
Troubleshooting
Localhost Testing
Content-Security-Policy (CSP)
iframes
Cohere Session Definition
Platform integrations
Bubble.io
Shopify
Wix
Memberstack
Squarespace
External Integrations
Slack Integration
Intercom Integration
Zendesk Integration
Sentry Integration
Segment Integration
API
Multiplayer Status Events
Selective Session Recording
Chime Widget
Calling API
Powered by GitBook

Content-Security-Policy (CSP)

Content-Security-Policy (CSP) is a browser feature that limits what origins your page can interact with. With CSP, the browser will reject connections made to non-approved origins (e.g. if a vendor's script was hijacked or code was injected via an XSS attack).

In addition to the policies that your site needs without Cohere, there are 2 directives that you need to include with Cohere:

  • connect-src: wss://service.cohere.so https://*.cohere.so

  • script-src: https://static.cohere.so

An example Content-Security-Policy would be:

Content-Security-Policy: child-src 'self' blob:; script-src 'self' https://static.cohere.so; connect-src wss://service.cohere.so https://*.cohere.so
Troubleshooting - Previous
Localhost Testing
Next - Troubleshooting
iframes
Last updated 10 months ago