Add support for child-src, worker-src and manifest-src
See original GitHub issueThe default-src
directive covers a few more cases than laboratory currently supports:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
This means that laboratory might generate a CSP header whose default-src none
blocks:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/child-src
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/manifest-src
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:12 (6 by maintainers)
Top Results From Across the Web
CSP: child-src - HTTP - MDN Web Docs - Mozilla
The HTTP Content-Security-Policy (CSP) child-src directive defines the valid sources for web workers and nested browsing contexts loaded ...
Read more >CSP: child-src and frame-src deprecated - Stack Overflow
1 Answer 1 · The frame-src directive, which was deprecated in CSP Level 2, has been undeprecated, but continues to defer to child-src...
Read more >CSP: worker-src - HTTP - UDN Web Docs: MDN Backup
The HTTP Content-Security-Policy (CSP) worker-src directive specifies valid ... will first look for the child-src directive, then the script-src directive, ...
Read more >[CSP] certain policies are not set at all - frame-src ... - GitHub
I notice that a few (many?) CSPs are not set at all, although they can be found in the source code. I noticed...
Read more >Content-Security-Policy Header CSP Reference & Examples
child -src. Defines valid sources for web workers and nested browsing contexts loaded using elements such as <frame> and <iframe> ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I know it seems like it would never be fixed, but I actually made this work in 2f225b938e46f425aea3068573ce02cf95a12127. It required some internal Firefox changes before it could happen. Check out version 3.0 on AMO, and let me know if it’s working for you!
Thanks! I’ll be poking away at this at some point but it may be a little bit. 😃