If your app has a strict Content Security Policy, you will have to whitelist some domains and types for Cord. This page contains the full list and an explanation for each item.
```
connect-src https://api.cord.com wss://api.cord.com https://app.cord.com https://o951476.ingest.sentry.io https://s3.eu-west-2.amazonaws.com https://cdn.cord.com;
style-src 'unsafe-inline' https://app.cord.com;
script-src https://app.cord.com;
img-src blob: data: https://s3.eu-west-2.amazonaws.com https://cdn.cord.com;
worker-src blob:;
```
connect-src

| rule | Why is this needed? |
| --- | --- |
| https://api.cord.com | Cord API server from which data such as messages are fetched |
| wss://api.cord.com | Realtime updates are pushed over a websocket |
| https://app.cord.com | Hosts Cord static assets, some of which are dynamically loaded |
| https://o951476.ingest.sentry.io | Cord's endpoint for uploading errors |
| https://s3.eu-west-2.amazonaws.com | Used for downloading/uploading static assets such as attachments and user profile pictures |
| https://cdn.cord.com | The Cord screenshot feature requires whitelisting all domains on which you host static content (images, fonts, etc.), including Cord's CDN |

style-src

| rule | Why is this needed? |
| --- | --- |
| 'unsafe-inline' | Allows Cord to inject CSS styles from JavaScript |
| https://app.cord.com | Allows the Cord stylesheet |

script-src

| rule | Why is this needed? |
| --- | --- |
| https://app.cord.com | Allows executing the Cord SDK |

img-src

| rule | Why is this needed? |
| --- | --- |
| blob: data: | Allows the Cord screenshot feature to inline images as blobs/dataURLs |
| https://s3.eu-west-2.amazonaws.com | Used for downloading/uploading static assets such as attachments and user profile pictures |
| https://cdn.cord.com | Allows Cord's CDN |

worker-src

| rule | Why is this needed? |
| --- | --- |
| blob: | Allows the Web Worker used in the Cord screenshot feature |
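
To check an existing policy against the list above before rolling it out, the following added example (not Cord's code; `REQUIRED`, `FALLBACK`, `parseCsp` and `missingCordSources` are hypothetical names) reports which sources are still missing per directive, following the browser's fallback to `default-src` and the `worker-src` fallback chain. It assumes exact string matching, so a broader source you already allow (for example `https:` or a wildcard host) is still reported as missing.

```javascript
// Added example: REQUIRED is copied from the tables on this page; all names are hypothetical.
const REQUIRED = {
  'connect-src': ['https://api.cord.com', 'wss://api.cord.com', 'https://app.cord.com',
    'https://o951476.ingest.sentry.io', 'https://s3.eu-west-2.amazonaws.com', 'https://cdn.cord.com'],
  'style-src': ["'unsafe-inline'", 'https://app.cord.com'],
  'script-src': ['https://app.cord.com'],
  'img-src': ['blob:', 'data:', 'https://s3.eu-west-2.amazonaws.com', 'https://cdn.cord.com'],
  'worker-src': ['blob:'],
};
// Directives the browser consults, in order, when worker-src is absent.
const FALLBACK = { 'worker-src': ['child-src', 'script-src', 'default-src'] };

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Browsers ignore a repeated directive, so only the first occurrence counts.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function missingCordSources(policy) {
  const directives = parseCsp(policy);
  const report = {};
  for (const [name, needed] of Object.entries(REQUIRED)) {
    const chain = [name, ...(FALLBACK[name] || ['default-src'])];
    const effective = chain.find((d) => directives.has(d));
    if (!effective) continue; // no directive governs this fetch type, so nothing is blocked
    const have = directives.get(effective).map((s) => s.toLowerCase());
    const missing = needed.filter((src) => !have.includes(src));
    // Browsers ignore 'unsafe-inline' when the same directive also carries a nonce or hash.
    const hasNonceOrHash = have.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
    if (have.includes("'unsafe-inline'") && needed.includes("'unsafe-inline'") && hasNonceOrHash) {
      missing.push("'unsafe-inline' (ignored: nonce/hash present)");
    }
    if (missing.length) report[name] = { checkedIn: effective, missing };
  }
  return report;
}
```

Each entry in the returned object names the directive the browser would actually consult (`checkedIn`), which is where the missing sources need to be added.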