If your app has a strict Content Security Policy, you will have to whitelist some domains and types for Cord. This page contains the full list and an explanation for each item.

```
connect-src https://api.cord.com wss://api.cord.com https://app.cord.com https://o951476.ingest.sentry.io https://s3.eu-west-2.amazonaws.com https://cdn.cord.com;
style-src 'unsafe-inline' https://app.cord.com;
script-src https://app.cord.com;
img-src blob: data: https://s3.eu-west-2.amazonaws.com https://cdn.cord.com;
worker-src blob:;
```
connect-src

| Rule | Why is this needed? |
|---|---|
| https://api.cord.com | Cord API server from which data such as messages are fetched |
| wss://api.cord.com | Realtime updates are pushed over a websocket |
| https://app.cord.com | Hosts Cord static assets, some of which are dynamically loaded |
| https://o951476.ingest.sentry.io | Cord's endpoint for uploading errors |
| https://s3.eu-west-2.amazonaws.com | Used for downloading/uploading static assets such as attachments and user profile pictures |
| https://cdn.cord.com | The Cord screenshot feature requires you to whitelist all domains on which you host static content (images, fonts, etc.), including Cord's CDN |

style-src

| Rule | Why is this needed? |
|---|---|
| 'unsafe-inline' | Allows Cord to inject CSS styles from JavaScript |
| https://app.cord.com | Allows the Cord stylesheet |

script-src

| Rule | Why is this needed? |
|---|---|
| https://app.cord.com | Allows executing the Cord SDK |

img-src

| Rule | Why is this needed? |
|---|---|
| blob: data: | Allows the Cord screenshot feature to inline images as blobs/dataURLs |
| https://s3.eu-west-2.amazonaws.com | Used for downloading/uploading static assets such as attachments and user profile pictures |
| https://cdn.cord.com | Allows Cord's CDN |

worker-src

| Rule | Why is this needed? |
|---|---|
| blob: | Allows the Web Worker used in the Cord screenshot feature |
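
One way to fold the sources listed on this page into a policy your app already serves, as an added example (not Cord's own code); `parseCsp`, `mergeCordCsp` and the sample policy are hypothetical. A directive that Cord's list would newly create is seeded from the directive it previously inherited from, so your own sources are not silently dropped.

```javascript
// Sources Cord needs, per directive, copied from the policy on this page.
const CORD_SOURCES = {
  'connect-src': ['https://api.cord.com', 'wss://api.cord.com', 'https://app.cord.com',
    'https://o951476.ingest.sentry.io', 'https://s3.eu-west-2.amazonaws.com', 'https://cdn.cord.com'],
  'style-src': ["'unsafe-inline'", 'https://app.cord.com'],
  'script-src': ['https://app.cord.com'],
  'img-src': ['blob:', 'data:', 'https://s3.eu-west-2.amazonaws.com', 'https://cdn.cord.com'],
  'worker-src': ['blob:'],
};

// CSP fallback chains: a directive absent from the policy inherits from these, in order.
const FALLBACK = { 'worker-src': ['child-src', 'script-src', 'default-src'] };

// Parse "name src src; name src" into a Map of directive -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers; the first occurrence wins.
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// Return the existing policy with Cord's sources merged in (hypothetical helper).
function mergeCordCsp(policy) {
  const directives = parseCsp(policy);
  for (const [name, needed] of Object.entries(CORD_SOURCES)) {
    let current = directives.get(name);
    if (!current) {
      // Creating the directive stops it inheriting, so seed it with what it inherited.
      const parent = (FALLBACK[name] || ['default-src']).find((d) => directives.has(d));
      // Nothing to inherit means the fetch type is unrestricted: leave it that way.
      if (!parent) continue;
      current = [...directives.get(parent)];
    }
    // 'none' must stand alone, so it is dropped once real sources are added.
    const merged = current.filter((s) => s.toLowerCase() !== "'none'");
    for (const src of needed) if (!merged.includes(src)) merged.push(src);
    directives.set(name, merged);
  }
  return [...directives].map(([name, sources]) => [name, ...sources].join(' ')).join('; ');
}

// Constructed sample policy for a host app, not taken from the page.
const existing = "default-src 'self'; img-src 'self' https://images.example.com; worker-src 'none'";
console.log(mergeCordCsp(existing));
```

If your existing `style-src` carries a nonce or hash, browsers ignore `'unsafe-inline'`, so check that case separately.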