search

Home  >  Q&A  >  body text

How to set wildcard for connect-src content security policy in html?

In html I have this

<meta
  http-equiv="Content-Security-Policy"
  content="default-src 'self'; connect-src file: https://data.global ws://localhost:* http://localhost:*; img-src http://localhost:* file: blob: data:; font-src file: http://localhost:*; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
/>

But for connect-src I have many domains that I want to whitelist. Sometimes they are created frequently so I don't want to keep updating them every time. Is there a way to allow all domains? I might delete connect-src but then default-src will kick in and break it.

P粉974462439P粉974462439263 days ago583

reply all(1)I'll reply

  • P粉386318086

    P粉3863180862024-04-03 00:56:14

    Use * to match any HTTP/HTTPS origin as well as the current origin's scheme. Use https to match any HTTPS origin.

    reply
    0
  • Cancelreply