Content Security Policy (CSP) Headers
If the website specifies Content Security Policy headers, those headers may need to be modified in order to allow visitors to run Glance sessions.
Glance Cobrowse requires a policy which:
https://*.glancecdn.net, unless self-hosting.
- Allows cross domain requests to
- Allows secure https and websocket connections to Glance’s session servers at *.glance.net.
If your Content Security Policy relies on
default-src to specify trusted protocols and hosts, the following URLs can be added to your
https://*.glancecdn.net wss://*.glance.net https://*.glance.net
If you use more specific directives in your Content Security Policy, use these for Glance:
connect-src wss://*.glance.net https://*.glance.net; style-src https://*.glancecdn.net; script-src https://*.glancecdn.net; img-src: https://*.glancecdn.net;
For additional information on CSP security, see Cobrowse Security Architecture.
You can also test whether Glance's session servers are accessible from your location. More instructions are available here