How to set wildcard for connect-src content security policy in html?

Question

In html I have this

<meta
  http-equiv="Content-Security-Policy"
  content="default-src 'self'; connect-src file: https://data.global ws://localhost:* http://localhost:*; img-src http://localhost:* file: blob: data:; font-src file: http://localhost:*; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
/>

But for connect-src I have many domains that I want to whitelist. Sometimes they are created frequently so I don't want to keep updating them every time. Is there a way to allow all domains? I might delete connect-src but then default-src will kick in and break it.

Answer 1

Use * to match any HTTP/HTTPS origin as well as the current origin's scheme. Use https to match any HTTPS origin.