Firewall info for using Skilljar on Corporate Networks
Some companies and services require Skilljar resources are added to a provider "whitelist". By adding Skilljar domains and resources to a whitelist, these resources are explicitly granted permission to load safely on these networks and within these services. If your organization or service maintains strict security policies by denying access to most or all external websites, it's likely you'll need to add Skilljar and relevant resources to a whitelist.
Required Skilljar Domains
If your company whitelists domains, add the following domains to your list of allowed domains:
1. Skilljar Resources
** Note: The following domains are required
- *.skilljar.com
- *.sj-cdn.net
- *.everpath-course-content.s3-accelerate.amazonaws.com
2. Customer-specific Resources
-
Examples:
- *.company.com
- training.company.com
- university.company.com
Third Party Services
Skilljar may require whitelisting of the additional third party domains for outbound connections to these services.
Videos uploaded directly to Skilljar are delivered through JWPlayer. The main JWPlayer services are:
- *.jwpcdn.com
- *.jwplayer.com
- *.jwplatform.com
- *.jwpsrv.com
- *.jwpltx.com
- jwpsrv-vh.akamaihd.net
If other content is embedded in Skilljar, it is possible other resources may need to be whitelisted. This may include services like MixPanel, Segment, Vimeo, Wistia, InVision App, Google Suite (Google Forms, Google Docs, Google Spreadsheets, etc.). Please check with your domain administrator for additional information.
Content Security Policy for your training sites
A Content Security Policy (CSP) is a security feature that helps to protect websites from certain types of attacks, such as Cross-Site Scripting (XSS) and data injection attacks. CSP allows web developers to specify which content sources are considered trustworthy for a web page, thereby reducing the risk of malicious content being executed.
CSP is implemented via HTTP headers or HTML meta tags, which instruct the browser on how to handle different types of content. By defining a set of rules, CSP controls where resources can be loaded from and how they can be executed.
How to install a restricted CSP on your training domain
If your security team wants to set up a more restrictive CSP on the training domains, you are able to do so by sending the CSP to support@skilljar.com or to your Customer Success or Implementation Manager.
Please specify which of your training domains you would like this CSP applied to and the Skilljar team can install this policy to load in the header for your Skilljar training sites.