[HELP] CSP Rule For All Domains

avatar

Administrator
Staff member
Administrator
Yeah, you're right.

This one will match any URL:
Code:
$csp=script-src 'self' 'unsafe-eval' http: https:
 

Incognitus_X

New Member
Think I will go with:

$csp=script-src 'self' 'unsafe-eval' object-src 'self' https:

More strict: $csp=default-src 'self' https:
 
Last edited:
Top