Introduction
Onboarding
What is CloudBees Feature Management?
Use cases
Introduction
Installing client-side SDKs
Installing server-side SDKs
About feature flags
Environments
Creating a feature flag
Feature flag settings
Deleting a feature flag
Embedded feature flags
Multiplatform feature flags
Flag freeze levels
Feature flag configuration update flow
Configuration values
Approval requests
Toggling flags on and off
Audiences
Custom properties
Percentage rollouts
Scheduled rollouts
Target groups
Flag dependencies
Flag context
About features
Creating and deleting features
Managing features
Configuration as Code
Verbose logging
Local testing
Microservices testing
User space error handler
Flag impressions
Fetched handler
Integrating with Jira
Configuring webhooks
Integrating with Jenkins
Managing users
Managing teams and permissions
Managing applications
Managing billing plans
Audit log
SAML single sign-on
Two-factor authentication
Allow/Disallow domains
Secret mode
A proxy for CloudBees Feature Management
European Union (EU) hosting
Support policies
Supported platforms
Terms and services
Open Source Software Attributes

Allowlist domains

1 minute readSecurity

This section lists the URLs that are used by the SDK to properly communicate with our outbound backend servers.

The following URLs are used by the SDK:

  • https://statestore.rollout.io/ - GET request to verify the state of new feature flags and customer properties.

  • https://conf.rollout.io/ - GET request to retrieve the latest configuration.

  • https://x-api.rollout.io/ - GET/POST request send to CloudBees Feature Management servers to indicate a new version is running, or a new state is discovered.

  • https://analytic.rollout.io/ - POST request to CloudBees Feature Management analytics servers, to see impressions on the dashboard.

  • https://push.rollout.io/ - Server Sent Events that get notifications upon a change in the configuration. No special firewall rules are required.

The following third-party URL is used by the SDK:

  • https://notify.bugsnag.com/ - POST request to Bugsnag tool. SDK error monitoring and reporting tool.

Content Security Policy (CSP)

If you are using Content Security Policy (CSP) to protect your application and users, then you will need to update your CSP configuration to allow your application to communicate with the CloudBees Feature Management servers.

Only browser-based SDKs require these settings.

Add the following URLs to your connect-src CSP settings.

  connect-src ...
    https://analytic.rollout.io
    https://conf.rollout.io
    https://push.rollout.io
    https://statestore.rollout.io
    https://x-api.rollout.io
    https://notify.bugsnag.com;
 ....
Two-factor authentication
Secret mode