Created
April 10, 2020 03:44
-
-
Save reintakura/173414f73c1cca47caa6af9f5a511a67 to your computer and use it in GitHub Desktop.
allow all content, just add CSP header
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; | |
| script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; | |
| connect-src * data: blob: 'unsafe-inline'; | |
| img-src * data: blob: 'unsafe-inline'; | |
| frame-src * data: blob: ; | |
| style-src * data: blob: 'unsafe-inline'; | |
| font-src * data: blob: 'unsafe-inline'; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reference :
https://stackoverflow.com/questions/35978863/allow-all-content-security-policy
https://content-security-policy.com/
https://www.html5rocks.com/en/tutorials/security/content-security-policy/