You can now specify a list of hosts allowed to embed the Pipe recorder. Such a list helps prevent abuse from malicious users that could embed your Pipe Recording Client embed code on other websites.
There’s a different list for each of your environments.
To add to the list or edit the list go to the edit environment section and scroll down to the whitelisted hosts section.
The list is empty by default, meaning any host is allowed.
When adding a host, do not include the protocol (
http://) or any specific web page path. For example,
mywebsite.com is correct, but
https://mywebsite.com/signup is incorrect.
The port number does not need to be specified. If it is, it will be ignored.
You can also use
localhost or any IP as a host.
You can use the wildcard prefix * to allow all subdomains.
The maximum length of any host entry must be 100 characters.
Here are some examples of how validation works:
|all subdomains of |
|all 2-level subdomains of |
When the Pipe Recording Client is embedded on a host that’s not in the list, the recording client will prevent the embed code from running and show an error message.
- If the Pipe recorder is embedded in a page with the header
- If the Pipe recorder is included in a web page through an iframe with a
sandboxattribute that’s either empty (all restrictions are applied) or doesn’t contain the value
In such cases, if you have any entry in the list of allowed hosts above, the Pipe recorder will not run. It will show a specific error message and prevent any type of recording submission (record or upload).