Found while updating a library in Pode.Web, but there have been some new attributes added for the Content-Security-Policy header - as well as some pre-existing ones that needed adding:
fenched-frame-src
prefetch-src
script-src-attr
script-src-elem
style-src-attr
style-src-elem
worker-src
report-uri
Also added the following schemes:
blob
data
mediastream
ftp
mailto
tel
filesystem
And the following keywords:
strict-dynamic
report-sample
inline-speculation-rules
unsafe-hashes
wasm-unsafe-eval
Also added a -ReportOnly switch to toggle using Content-Security-Policy-Report-Only
Description of the Change
Found while updating a library in Pode.Web, but there have been some new attributes added for the
Content-Security-Policyheader - as well as some pre-existing ones that needed adding:Also added the following schemes:
And the following keywords:
Also added a
-ReportOnlyswitch to toggle usingContent-Security-Policy-Report-Only