Content security and network configuration
In this section, we outline the necessary configuration steps to implement Content Security Policy (CSP) rules on your website, ensuring enhanced security against various web vulnerabilities.
Additionally, for users operating within constrained network environments, we provide guidance on permitting specific network traffic to maintain seamless functionality and accessibility.
CSP Headers for Voilà integration
If you implement Content Security Policy headers, here are the domains that must be added to your configuration. If you want to use JavaScript or CSS overrides, please read the notes below.
CSP directive | Value |
---|---|
script-src | developer.voila.live |
connect-src | api.voila.live |
frame-src | player.voila.events |
img-src | *.voila.live voila-shared-assets.s3.eu-west-1.amazonaws.com |
media-src | *.voila.live |
If CSS overrides are used, 'unsafe-inline' (including quotes) must be added to the style-src directive.
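One way to fold the table above into a policy you already send, as an added example (not Voilà's own code): `mergeVoilaCsp` and `parseCsp` are hypothetical helper names, and the existing header passed in is your own. It handles the two cases that usually break a hand-edited policy: a directive that was previously covered only by `default-src`, and a directive set to `'none'`.

```javascript
// Sources copied from the CSP table above.
const VOILA_SOURCES = {
  "script-src": ["developer.voila.live"],
  "connect-src": ["api.voila.live"],
  "frame-src": ["player.voila.events"],
  "img-src": ["*.voila.live", "voila-shared-assets.s3.eu-west-1.amazonaws.com"],
  "media-src": ["*.voila.live"],
};

// Parse "name src src; name src" into a Map of directive -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Browsers ignore a repeated directive, so keep only the first one.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// Hypothetical helper: returns the existing policy plus the Voilà sources.
function mergeVoilaCsp(existingHeader, { cssOverrides = false } = {}) {
  const policy = parseCsp(existingHeader);
  const required = { ...VOILA_SOURCES };
  if (cssOverrides) required["style-src"] = ["'unsafe-inline'"];

  for (const [directive, additions] of Object.entries(required)) {
    // An absent directive falls back to default-src (frame-src tries
    // child-src first), so seed the new directive with those sources
    // instead of silently narrowing what the page may load.
    const fallback =
      (directive === "frame-src" && policy.get("child-src")) ||
      policy.get("default-src") || [];
    // 'none' is only valid alone; drop it before adding hosts.
    const current = (policy.get(directive) ?? fallback)
      .filter((s) => s.toLowerCase() !== "'none'");
    for (const src of additions) {
      if (!current.includes(src)) current.push(src);
    }
    policy.set(directive, current);
  }
  return [...policy].map(([name, srcs]) => [name, ...srcs].join(" ")).join("; ");
}
```

If your existing style-src carries a nonce or hash source, browsers ignore 'unsafe-inline' in that directive, so CSS overrides would still be blocked.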
Web traffic allow list
Here is a list of domains that must be accessible by web browsers to ensure the proper functioning of the Voilà service:
- Main Voilà domains
  - *.voila.events
  - *.voila.live
- Voilà infrastructure domains
  - *.s3.eu-west-1.amazonaws.com
  - cognito-idp.eu-west-1.amazonaws.com
  - cdn.jsdelivr.net
  - vjs.zencdn.net
- Live video streams domain
  - *.live-video.net
- Fonts domains
  - fonts.gstatic.com
  - fonts.googleapis.com
- Realtime communication messages (e.g. Chat) domains
  - *.ably.io
  - *.ably-realtime.com
- Optional: telemetry and analytics
  - googletagmanager.com
  - *.google-analytics.com
  - *.sentry.io
  - *.hotjar.io
  - *.hotjar.com
WebRTC traffic requirements
The Web Studio sessions of Voilà depend on WebRTC technology to facilitate real-time communication among the Live Manager, remote speakers, and our Studio.
Please ensure that WebRTC-specific communication is permitted for both the Live Manager and the remote speakers. Optimal communication with our media servers is attained through UDP to ports 40000 to 40499.
Direct UDP communication is the preferred protocol as it offers the best performance, quality of service, and latency.
If this UDP range cannot be permitted or if an HTTP proxy must be utilized, we offer alternative fallback routes:
- TCP to ports 40000 to 40499
- a TURN (UDP or TCP) server on port 443
If traffic must be tunneled through your HTTP proxy server, please verify that it delivers satisfactory performance in terms of bandwidth (at least 2 Mbps per connection for both uplink and downlink) and latency.