[x] I was not able to find an open or closed issue matching what I'm seeing.
[x] This is not a question. (Questions should be asked on chat (Signup here) or our forums.)
Current Zend\Http\Header\ContentSecurityPolicy is too old (CSP 1.0 Header) and should be updated to follow CSP Level 3 (according to https://www.w3.org/TR/CSP/)
So, Some directives are missing in Fetch directive
child-src
manifest-src
worker-src
prefetch-src
script-src-elem
script-src-attr
style-src-elem
style-src-attr
And some Navigation, Document and Reporting directives are missing.
base-uri
plugin-types
form-action
frame-ancestors
navigate-to
report-to
Code to reproduce the issue
$csp = new ContentSecurityPolicy();
$csp->setDirective('worker-src', ['https://*.google.com', 'http://foo.com']);
$csp->toString();
MadCat34
commented
5 years ago
Current Zend\Http\Header\ContentSecurityPolicy is too old (CSP 1.0 Header) and should be updated to follow CSP Level 3 (according to https://www.w3.org/TR/CSP/)
So, Some directives are missing in Fetch directive
And some Navigation, Document and Reporting directives are missing.
Code to reproduce the issue
Expected results
toString() should return "Content-Security-Policy: worker-src https://*.google.com http://foo.com;"
Actual results
Throw a Exception\InvalidArgumentException