Cohere
Cohere
Home
Security
Pricing
Dashboard
Quick Start
Identifying Users
Privacy
Troubleshooting
Testing on localhost
Content-Security-Policy (CSP)
iframes
Supported Frameworks
Bubble.io
External Integrations
Slack Integration
Intercom Integration
Zendesk Integration
API
Multiplayer status events
Selectively recording sessions
Powered by GitBook

Content-Security-Policy (CSP)

Content-Security-Policy (CSP) is a browser feature that limits what origins your page can interact with. With CSP, the browser will reject connections made to non-approved origins (e.g. if a vendor's script was hijacked or code was injected via an XSS attack).

In addition to the policies that your site needs without Cohere, there are 2 directives that you need to include with Cohere:

  • connect-src: wss://service.cohere.so https://*.cohere.so

  • script-src: https://static.cohere.so

An example Content-Security-Policy would be:

Content-Security-Policy: child-src 'self' blob:; script-src 'self' https://static.cohere.so; connect-src wss://service.cohere.so https://*.cohere.so
Troubleshooting - Previous
Testing on localhost
Next - Troubleshooting
iframes
Last updated 5 months ago