CSP
Syntax
<% Csp directive-name value-1 value-2 ... value-n %>
Directive Names
The table below lists the valid directive names accepted by the WEM runtime.
directive-name
Remarks
child-src
Fetch directive
connect-src
Fetch directive
default-src
Fetch directive
frame-src
Fetch directive
font-src
Fetch directive
img-src
Fetch directive
manifest-src
Fetch directive
media-src
Fetch directive
object-src
Fetch directive
script-src
Fetch directive
script-src-attr
Fetch directive
script-src-elem
Fetch directive
style-src
Fetch directive
style-src-attr
Fetch directive
style-src-elem
Fetch directive
worker-src
Fetch directive
base-uri
Document directive
sandbox
Document directive
form-action
Navigation directive
frame-ancestors
Navigation directive
report-to
Reporting directive
upgrade-insecure-requests
Miscellaneous
Directive Values
Example values include: https:, 'sha256-ex2O7MWOzfdzthhKmdazheryN6oERSF8PrdvxrtP8dI=', http://*.example.com, 'none', 'self', and data:.
Example
<% Csp img-src data: https://static.my-website.com %>
<% Csp font-src https://cdn.my-open-fonts.com %>
<% Csp script-src https://static.my-website.com https://cdn.other-website.com 'sha256-eReahVJiG1zBXPQyxX0V6oAxkfiBdmaNffG9eZWSUxc=' %>
<!doctype html>
<html>
<!-- HTML content -->
</html>Last updated
Was this helpful?