I'm getting this content security policy error:
Refused to connect to ':6443/events/proto-raws' because it violates the following Content Security Policy directive: "connect-src [.....]
My content security policy rules for connect-src include:
"https://*.statscollector.sd-rtn:6443/*",
Am I not using wildcards correctly?
I'm getting this content security policy error:
Refused to connect to 'https://web-2.statscollector.sd-rtn.:6443/events/proto-raws' because it violates the following Content Security Policy directive: "connect-src [.....]
My content security policy rules for connect-src include:
"https://*.statscollector.sd-rtn.:6443/*",
Am I not using wildcards correctly?
Share Improve this question asked Sep 6, 2022 at 1:15 VikRVikR 5,1429 gold badges56 silver badges112 bronze badges 1-
2
Just try this
https://*.statscollector.sd-rtn.:6443
as your content security rule – bhargava.prabu Commented Sep 6, 2022 at 1:47
1 Answer
Reset to default 6We just have to provide the domain and should not include the path of the domain.
Valid wildcard host names expressions include "*.google."
and "*"
.
Invalid wildcard host name expressions include "www.*."
, "*.google.*"
and "google.*"
.
Reference for it:- https://wiki.mozilla/Security/CSP/Specification#Hostname_Wildcards
Just try to use like this https://*.statscollector.sd-rtn.:6443
as your content security rule