I'm getting this content security policy error:
Refused to connect to 'https://web-2.statscollector.sd-rtn.com:6443/events/proto-raws' because it violates the following Content Security Policy directive: "connect-src [.....]
My content security policy rules for connect-src include:
"https://*.statscollector.sd-rtn.com:6443/*",
Am I not using wildcards correctly?
CodePudding user response:
We just have to provide the domain and should not include the path of the domain.
Valid wildcard host names expressions include "*.google.com"
and "*"
.
Invalid wildcard host name expressions include "www.*.com"
, "*.google.*"
and "google.*"
.
Reference for it:- https://wiki.mozilla.org/Security/CSP/Specification#Hostname_Wildcards
Just try to use like this https://*.statscollector.sd-rtn.com:6443
as your content security rule