HomeSecurityPricingDashboard
Search…
Quick start
Identifying users
Privacy
Support
User roles
Support tools
Salesforce + phone workflow
Troubleshooting
Localhost testing
Content-Security-Policy (CSP)
IFrames
Cohere session definition
Metrics and logs
Audit logs
Platform integrations
Google Tag Manager
Bubble.io
Shopify
Wix
Memberstack
Squarespace
Webflow
Salesforce Site
External Integrations
Slack integration
Microsoft Teams integration
Intercom integration
Zendesk integration
Sentry integration
Segment integration
Call recordings
Calendly
API
Voice widget
Calling API
Authenticating users securely
Multiplayer status events
Selective session recording
Getting current session URL
Powered By GitBook
Content-Security-Policy (CSP)
Content-Security-Policy (CSP) is a browser feature that limits what origins your page can interact with. With CSP, the browser will reject connections made to non-approved origins (e.g. if a vendor's script was hijacked or code was injected via an XSS attack).
In addition to the policies that your site needs without Cohere, there are 2 directives that you need to include with Cohere:
  • connect-src: wss://*.cohere.so https://*.cohere.so
  • script-src: https://static.cohere.so
Script Tag Installation
If you are using the script tag to install Cohere, you also need to include 'unsafe-inline' in script-src
An example Content-Security-Policy would be:
1
Content-Security-Policy: child-src 'self' blob:; script-src 'self' https://static.cohere.so; connect-src wss://*.cohere.so https://*.cohere.so
Copied!
Troubleshooting - Previous
Localhost testing
Next - Troubleshooting
IFrames
Last modified 6mo ago
Copy link