Whitelisted Hosts

You can now specify a list of hosts allowed to embed the Pipe recorder. Such a list helps prevent abuse from malicious users that could embed your Pipe Recording Client embed code on other websites.

There’s a different list for each of your environments.

To add to the list or edit the list go to the edit environment section and scroll down to the whitelisted hosts section.

Image showing a list of hosts that have been whitelisted

The list is empty by default, meaning any host is allowed.

When adding a host, do not include the protocol (https:// or http://) or any specific web page path. For example, mywebsite.com is correct, but https://mywebsite.com/signup is incorrect.

The port number does not need to be specified. If it is, it will be ignored.

You can also use localhost or any IP as a host.

You can use the wildcard prefix * to allow all subdomains.

The maximum length of any host entry must be 100 characters.

Here are some examples of how validation works:

Host entryValidInvalid
*.example.comall example.com subdomainsexample.com
*.subdomain.example.comall subdomains of subdomain.example.comtest.another-subdomain.example.com
*.*.example.comall 2-level subdomains of example.comwww.example.com

When the Pipe Recording Client is embedded on a host that’s not in the list, the recording client will prevent the embed code from running and show an error message.

There are some cases where the host information (where the Pipe recorder is embedded) is not available to us. Here are two such cases:

  1. If the Pipe recorder is embedded in a page with the header Referrer-Policy set to no-referrer for non-cors request modes.
  2. If the Pipe recorder is included in a web page through an iframe with a sandbox attribute that’s either empty (all restrictions are applied) or doesn’t contain the value allow-same-origin.

In such cases, if you have any entry in the list of allowed hosts above, the Pipe recorder will not run. It will show a specific error message and prevent any type of recording submission (record or upload).