Backend: Error Monitoring
Backend: Logging
Go
JS
Python
Ruby
Java
Rust
Hosting Providers
Backend: Tracing
Native OpenTelemetry
Fullstack Frameworks
Overview
Self Host & Local Dev
Menu
Content-Security-Policy
You should keep reading this if your application runs in an environment that enforces content security policies.
Content-Security-Policy
allows you to tell the browser what and how your page can interact with third-party scripts.
Here are the policies you'll need to set to use Highlight:
connect-src
: https://pub.highlight.io
This policy is to allow connecting with Highlight servers to send recorded session data.
Your CSP definition may look something like this:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; connect-src https://pub.highlight.io;" />
highlight.run version 8.11 changes how we bundle the client so that we no longer require a
script-src
orworker-src
definition. Make sure you are using the latest version of the SDK to use the above CSP policy.