Content Security Policy Wildcards?

Time:09-06

I'm getting this content security policy error:

Refused to connect to 'https://web-2.statscollector.sd-rtn.com:6443/events/proto-raws' because it violates the following Content Security Policy directive: "connect-src [.....]

My content security policy rules for connect-src include:

"https://*.statscollector.sd-rtn.com:6443/*",

Am I not using wildcards correctly?

CodePudding user response:

We just have to provide the domain and should not include the path of the domain.

Valid wildcard host names expressions include "*.google.com" and "*".

Invalid wildcard host name expressions include "www.*.com", "*.google.*" and "google.*".

Reference: https://wiki.mozilla.org/Security/CSP/Specification#Hostname_Wildcards

Just try using https://*.statscollector.sd-rtn.com:6443 as your content security rule.
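
How a browser compares a connect-src host-source with the blocked URL, as an added example that is not part of the original question or answer. It is a simplified version of the CSP Level 3 matching steps; parseHostSource and hostSourceMatches are hypothetical helper names. It shows that the path part has no wildcard syntax, so a trailing /* is compared literally.

```javascript
// Simplified CSP3 host-source matching; no http->https upgrade, redirects or percent-decoding.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Returns null for expressions where "*" is anywhere but the leftmost host label.
function parseHostSource(expr) {
  const re = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\d+|\*))?(\/.*)?$/i;
  const m = re.exec(expr);
  if (!m) return null;
  return {
    scheme: m[1] ? m[1].toLowerCase() + ":" : "", // empty: scheme check skipped here
    host: m[2].toLowerCase(),
    port: m[3] || "",
    path: m[4] || "",
  };
}

function hostSourceMatches(expr, urlString) {
  const src = parseHostSource(expr);
  if (!src) return false;
  const url = new URL(urlString);
  if (src.scheme && src.scheme !== url.protocol) return false;
  // "*.example.com" matches any host ending in ".example.com", not "example.com" itself.
  const host = url.hostname.toLowerCase();
  if (src.host.startsWith("*")) {
    if (!host.endsWith(src.host.slice(1))) return false;
  } else if (host !== src.host) {
    return false;
  }
  // No port in the source means the scheme's default port only.
  const defaultPort = DEFAULT_PORTS[url.protocol];
  if (src.port !== "*" && (src.port || defaultPort) !== (url.port || defaultPort)) return false;
  // Path: empty or "/" allows everything; trailing "/" is a prefix match;
  // anything else must equal the URL path exactly, so "*" here is a literal.
  if (src.path === "" || src.path === "/") return true;
  return src.path.endsWith("/") ? url.pathname.startsWith(src.path) : url.pathname === src.path;
}

// URL taken from the error message above.
const BLOCKED_URL = "https://web-2.statscollector.sd-rtn.com:6443/events/proto-raws";
for (const source of [
  "https://*.statscollector.sd-rtn.com:6443/*",       // rule from the question
  "https://*.statscollector.sd-rtn.com:6443",         // rule from the answer
  "https://*.statscollector.sd-rtn.com:6443/events/", // constructed: path prefix
  "https://*.statscollector.sd-rtn.com",              // constructed: port omitted
]) {
  console.log(source, "->", hostSourceMatches(source, BLOCKED_URL));
}
```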
