Content-Security-Policy (CSP)
Content-Security-Policy (CSP) is a browser feature that limits what origins your page can interact with. With CSP, the browser will reject connections made to non-approved origins (e.g. if a vendor's script was hijacked or code was injected via an XSS attack).
In addition to the policies that your site needs without Cohere, there are 2 directives that you need to include with Cohere:
    connect-src: wss://*.cohere.so https://*.cohere.so
    script-src: https://static.cohere.so
Script Tag Installation
If you are using the script tag to install Cohere, you also need to include 'unsafe-inline' in script-src
An example Content-Security-Policy would be:
1
Content-Security-Policy: child-src 'self' blob:; script-src 'self' https://static.cohere.so; connect-src wss://*.cohere.so https://*.cohere.so
Copied!
Last modified 5h ago
Copy link