CSP

The Csp template part is used to configure the Content Security Policy for the current design template.

Syntax

<% Csp directive-name value-1 value-2 ... value-n %>

Directive Names

The table below will show the valid directive names accepted by the WEM runtime.

directive-name

Remarks

child-src

Fetch directive

connect-src

Fetch directive

default-src

Fetch directive

frame-src

Fetch directive

font-src

Fetch directive

img-src

Fetch directive

manifest-src

Fetch directive

media-src

Fetch directive

object-src

Fetch directive

script-src

Fetch directive

script-src-attr

Fetch directive

script-src-elem

Fetch directive

style-src

Fetch directive

style-src-attr

Fetch directive

style-src-elem

Fetch directive

worker-src

Fetch directive

base-uri

Document directive

sandbox

Document directive

form-action

Navigation directive

frame-ancestors

Navigation directive

report-to

Reporting directive

upgrade-insecure-requests

Miscellaneous

Directive Values

Example values: https:, 'sha256-ex2O7MWOzfdzthhKmdazheryN6oERSF8PrdvxrtP8dI=, http://*.example.com, 'none', 'self', data:.

Example

<% Csp img-src data: https://static.my-website.com %>
<% Csp font-src https://cdn.my-open-fonts.com %>
<% Csp script-src https://static.my-website.com https://cdn.other-website.com 'sha256-eReahVJiG1zBXPQyxX0V6oAxkfiBdmaNffG9eZWSUxc=' %>
<!doctype html>
<html>
    <!-- HTML content -->
</html>

Last updated

Was this helpful?