How to set wildcard for connect-src content security policy in html?
P粉974462439
P粉974462439 2024-04-02 16:12:49
0
1
577

In html I have this

<meta
  http-equiv="Content-Security-Policy"
  content="default-src 'self'; connect-src file: https://data.global ws://localhost:* http://localhost:*; img-src http://localhost:* file: blob: data:; font-src file: http://localhost:*; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
/>

But for connect-src I have many domains that I want to whitelist. Sometimes they are created frequently so I don't want to keep updating them every time. Is there a way to allow all domains? I might delete connect-src but then default-src will kick in and break it.

P粉974462439
P粉974462439

reply all(1)
P粉386318086

Use * to match any HTTP/HTTPS origin as well as the current origin's scheme. Use https to match any HTTPS origin.

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template