Cohere
Cohere
Home
Security
Pricing
Dashboard
Quick Start
Identifying Users
Privacy
Troubleshooting
Testing on localhost
Content-Security-Policy (CSP)
iframes
Cohere session definition
Platform integrations
Bubble.io
Shopify
Wix
Memberstack
Segment
External Integrations
Slack Integration
Intercom Integration
Zendesk Integration
Sentry Integration
API
Multiplayer status events
Selectively recording sessions
Powered by GitBook

Content-Security-Policy (CSP)

Content-Security-Policy (CSP) is a browser feature that limits what origins your page can interact with. With CSP, the browser will reject connections made to non-approved origins (e.g. if a vendor's script was hijacked or code was injected via an XSS attack).

In addition to the policies that your site needs without Cohere, there are 2 directives that you need to include with Cohere:

  • connect-src: wss://service.cohere.so https://*.cohere.so

  • script-src: https://static.cohere.so

An example Content-Security-Policy would be:

Content-Security-Policy: child-src 'self' blob:; script-src 'self' https://static.cohere.so; connect-src wss://service.cohere.so https://*.cohere.so
Troubleshooting - Previous
Testing on localhost
Next - Troubleshooting
iframes
Last updated 7 months ago