
Content-Security-Policy

You should keep reading this if your application runs in an environment that enforces content security policies.

Content-Security-Policy lets you tell the browser which third-party sources your page may load scripts from and connect to.

Here are the policies you'll need to set to use Highlight:

  1. script-src: https://static.highlight.io
    1. This policy is to allow downloading the Highlight runtime code for session recording and error monitoring.
  2. worker-src: blob: https://static.highlight.io
    1. This policy allows our script to create a web-worker which we use to serialize the recording data without affecting the performance of your application.
  3. connect-src: https://pub.highlight.run
    1. This policy is to allow connecting with Highlight servers to send recorded session data.

Your CSP definition may look something like this:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://static.highlight.io; worker-src blob: https://static.highlight.io; connect-src https://pub.highlight.run;" />
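To check a policy string against the three directives listed above before deploying it, here is an added example (not Highlight's own code; the names `parseCsp`, `checkHighlightCsp` and `MALFORMED` are hypothetical). It assumes sources are listed literally and does an exact string match, so wildcard or scheme-only sources are not evaluated.

```javascript
// Added example: report which Highlight sources a CSP string fails to allow.
// Simplification (assumption): sources are compared as exact strings, no wildcard matching.
const REQUIRED = {
  'script-src': ['https://static.highlight.io'],
  'worker-src': ['blob:', 'https://static.highlight.io'],
  'connect-src': ['https://pub.highlight.run'],
};
// When a directive is absent, CSP Level 3 falls back through these, in order.
const FALLBACK = {
  'script-src': ['default-src'],
  'worker-src': ['child-src', 'script-src', 'default-src'],
  'connect-src': ['default-src'],
};

// Parse "name src1 src2; name2 ..." into a Map; the first occurrence of a directive wins.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return a list of problems; an empty list means the policy admits Highlight.
function checkHighlightCsp(policy) {
  const directives = parseCsp(policy);
  const problems = [];
  for (const name of directives.keys()) {
    if (!/^[a-z0-9-]+$/.test(name)) problems.push(`invalid directive name "${name}" (ignored by browsers)`);
  }
  for (const [name, sources] of Object.entries(REQUIRED)) {
    const effective = [name, ...FALLBACK[name]].find((d) => directives.has(d));
    if (!effective) continue; // no governing directive, so nothing is restricted
    const allowed = directives.get(effective);
    for (const src of sources) {
      if (!allowed.includes(src)) problems.push(`${name} (via ${effective}) is missing ${src}`);
    }
  }
  return problems;
}

// Constructed sample: a policy with a stray colon after the worker-src directive name.
const MALFORMED = "default-src 'self'; script-src 'self' https://static.highlight.io; worker-src: blob: https://static.highlight.io; connect-src https://pub.highlight.run;";
console.log(checkHighlightCsp(MALFORMED));
```

With the stray colon, the browser does not recognise the directive, so workers are governed by `script-src`, which does not allow `blob:`.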