Content Security Headers: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(→ToDo) |
(→ToDo) |
||
| Zeile 44: | Zeile 44: | ||
</pre> | </pre> | ||
== ToDo == | |||
=== connect-src === | |||
Syntax | |||
<pre> | |||
connect-src 'self' data: maps.googleapis.com; | connect-src 'self' data: maps.googleapis.com; | ||
</pre> | |||
=== default-src === | |||
Syntax | |||
<pre> | |||
default-src 'self'; | default-src 'self'; | ||
</pre> | |||
=== font-src === | |||
Syntax | |||
<pre> | |||
font-src 'self' data: googletagmanager.com; | font-src 'self' data: googletagmanager.com; | ||
</pre> | |||
=== img-src 'self' === | |||
Syntax | |||
<pre> | |||
img-src 'self' blob: data:; | img-src 'self' blob: data:; | ||
</pre> | |||
=== manifest-src === | |||
Syntax | |||
<pre> | |||
manifest-src 'self' data:; | manifest-src 'self' data:; | ||
</pre> | |||
=== object-src === | |||
Syntax | |||
<pre> | |||
object-src 'self'; | object-src 'self'; | ||
</pre> | |||
=== script-src === | |||
Syntax | |||
<pre> | |||
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; | script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; | ||
</pre> | |||
=== style-src === | |||
Syntax | |||
<pre> | |||
style-src 'self' 'unsafe-inline' 'report-sample'; | style-src 'self' 'unsafe-inline' 'report-sample'; | ||
</pre> | |||
=== worker-src === | |||
Syntax | |||
<pre> | |||
worker-src 'self'; | worker-src 'self'; | ||
</pre> | |||
== Strict-Transport-Security == | == Strict-Transport-Security == | ||
Version vom 13. April 2023, 11:04 Uhr
Bereiche
Content Security Policy
upgrade-insecure-requests
Syntax
upgrade-insecure-requests;
frame-ancestors
Syntax
frame-ancestors 'self';
form-action
Syntax
form-action 'self';
base-uri
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri
Syntax
base-uri 'self';
ToDo
connect-src
Syntax
connect-src 'self' data: maps.googleapis.com;
default-src
Syntax
default-src 'self';
font-src
Syntax
font-src 'self' data: googletagmanager.com;
img-src 'self'
Syntax
img-src 'self' blob: data:;
manifest-src
Syntax
manifest-src 'self' data:;
object-src
Syntax
object-src 'self';
script-src
Syntax
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample';
style-src
Syntax
style-src 'self' 'unsafe-inline' 'report-sample';
worker-src
Syntax
worker-src 'self';