Content Security Policy (CSP) Headers

If the website specifies Content Security Policy headers, those headers may need to be modified in order to allow visitors to run Glance sessions.

Glance Cobrowse requires a policy which:

  • Includes JavaScript, CSS, and images from https://www.glancecdn.net and https://s3.amazonaws.com/glancecdn/, unless self-hosting.

  • Allows cross domain requests to https://www.glance.net.

  • Allows secure https and websocket connections to Glance's session servers at *.glance.net.

If the Content Security Policy relies on default-src to specify trusted protocols and hosts, the following sources can be added to default-src (sources within a directive are separated by spaces, not commas):

  • default-src https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/ wss://*.glance.net https://*.glance.net

If the Content Security Policy includes more specific directives, add the sources to each of them (directives are separated by semicolons, sources by spaces):

  • connect-src wss://*.glance.net https://*.glance.net;

  • style-src https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/;

  • script-src https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/;

  • img-src https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/
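
As an added example (not Glance's own code), this Node.js helper merges the sources listed above into an existing policy string: it extends a specific directive when one is present, otherwise extends default-src, and drops a lone 'none' once real sources are added. The function names and the sample policy are assumptions for illustration.

```javascript
// Added example: merge the Glance Cobrowse sources from this page into an existing CSP.
// GLANCE_SOURCES mirrors the page's lists; the helper names are hypothetical.
const CDN = ['https://www.glancecdn.net', 'https://s3.amazonaws.com/glancecdn/'];
const GLANCE_SOURCES = {
  'connect-src': ['wss://*.glance.net', 'https://*.glance.net'],
  'style-src': CDN,
  'script-src': CDN,
  'img-src': CDN,
};

// Parse "name src src; name src" into a Map, preserving directive order.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so keep only the first.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function addSources(list, extra) {
  // 'none' must stand alone, so drop it once real sources are added.
  const kept = list.filter((s) => s.toLowerCase() !== "'none'");
  for (const src of extra) if (!kept.includes(src)) kept.push(src);
  return kept;
}

function addGlanceSources(policy) {
  const directives = parsePolicy(policy);
  for (const [name, sources] of Object.entries(GLANCE_SOURCES)) {
    if (directives.has(name)) {
      directives.set(name, addSources(directives.get(name), sources));
    } else if (directives.has('default-src')) {
      // An absent fetch directive falls back to default-src.
      directives.set('default-src', addSources(directives.get('default-src'), sources));
    }
    // Neither present: that resource type is unrestricted, nothing to add.
  }
  return [...directives].map(([n, s]) => [n, ...s].join(' ')).join('; ');
}

// Constructed sample policy.
console.log(addGlanceSources("default-src 'self'; connect-src 'none'"));
```

Running the helper twice on the same policy returns the same string, so it can sit in a deployment step without accumulating duplicate sources.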

For additional information on CSP security, see Cobrowse Security Architecture.
