Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Content Security Policy for self subdomains

Tags:

http

security

In order to set a default-src for self it will exclude the subdomains of the origin website.

default-src 'self'

How to enable the subdomains of the self URL?

like image 868
elkebirmed Avatar asked Feb 14 '16 10:02

elkebirmed

People also ask

Does CSP self include subdomains?

Bookmark this question. Show activity on this post. In order to set a default-src for self it will exclude the subdomains of the origin website.

What is Self in content security policy?

You might take 'self' to mean localhost, local filesystem, or anything on the same host. It doesn't mean any of those. It means sources that have the same scheme (protocol), same host, and same port as the file the content policy is defined in.

Do subdomains need to be registered?

Simple answer: No, you do not need to register a separate domain name for your subdomain. Depending on your domain name provider, there will be options to create additional subdomains.

1 Answers

You need to explicitly add them with fully qualified domains:

default-src 'self' sub1.example.com sub2.example.com

Or with wildcards:

default-src 'self' *.example.com
like image 108
Barry Pollard Avatar answered Oct 12 '22 22:10

Barry Pollard
Sign in to Comment

Related questions

How to send secure AJAX requests with PHP and jQuery
Login disallowed for security reasons postgresql centos server
Angular 2: sanitizing HTML stripped some content with div id - this is bug or feature?
Preventing bot form submission
iptables LOG and DROP in one rule
How secure is PHP?
How to secure string in Android Application?
How do I secure Socket.IO?
Having a POST'able API and Django's CSRF Middleware
What to use as the developer payload in Google In-App Billing APIs?
What's the most secure possible Devise configuration?
Practical applications of homomorphic encryption algorithms?
SSL iframe is embedded on other web site
SecItemCopyMatching for Touch ID without passcode fallback
IIS Returning Old User Names to my application
Facebook login - how to develop on both localhost and in production?
Signed session cookies. A good idea?
How can I launch Chrome with flags from command line more concisely?
How to store passwords in Winforms application?
Authentication, Authorization, User and Role Management and general Security in .NET

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!