HomeSecurityPricingDashboard
Search…
Quick start
Identifying users
Privacy
Support
User Roles
Troubleshooting
Localhost testing
Content-Security-Policy (CSP)
IFrames
Cohere session definition
Platform integrations
Google Tag Manager
Bubble.io
Shopify
Wix
Memberstack
Squarespace
External Integrations
Slack integration
Microsoft Teams integration
Intercom integration
Zendesk integration
Sentry integration
Segment integration
Call Recordings
API
Voice widget
Calling API
Authenticating users securely
Multiplayer status events
Selective session recording
Getting current session URL
Powered By GitBook
Content-Security-Policy (CSP)
Content-Security-Policy (CSP) is a browser feature that limits what origins your page can interact with. With CSP, the browser will reject connections made to non-approved origins (e.g. if a vendor's script was hijacked or code was injected via an XSS attack).
In addition to the policies that your site needs without Cohere, there are 2 directives that you need to include with Cohere:
  • connect-src: wss://*.cohere.so https://*.cohere.so
  • script-src: https://static.cohere.so
Script Tag Installation
If you are using the script tag to install Cohere, you also need to include 'unsafe-inline' in script-src
An example Content-Security-Policy would be:
1
Content-Security-Policy: child-src 'self' blob:; script-src 'self' https://static.cohere.so; connect-src wss://*.cohere.so https://*.cohere.so
Copied!
Troubleshooting - Previous
Localhost testing
Next - Troubleshooting
IFrames
Last modified 2mo ago
Copy link