Content Security Headers: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(→ToDo) |
|||
| Zeile 46: | Zeile 46: | ||
=== ToDo === | === ToDo === | ||
connect-src 'self' data: maps.googleapis.com; | |||
img-src 'self' blob: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; worker-src 'self'; | default-src 'self'; | ||
font-src 'self' data: googletagmanager.com; | |||
img-src 'self' blob: data:; | |||
manifest-src 'self' data:; | |||
object-src 'self'; | |||
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; | |||
style-src 'self' 'unsafe-inline' 'report-sample'; | |||
worker-src 'self'; | |||
== Strict-Transport-Security == | == Strict-Transport-Security == | ||
Version vom 13. April 2023, 11:01 Uhr
Bereiche
Content Security Policy
upgrade-insecure-requests
Syntax
upgrade-insecure-requests;
frame-ancestors
Syntax
frame-ancestors 'self';
form-action
Syntax
form-action 'self';
base-uri
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri
Syntax
base-uri 'self';
ToDo
connect-src 'self' data: maps.googleapis.com; default-src 'self'; font-src 'self' data: googletagmanager.com; img-src 'self' blob: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; worker-src 'self';