Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to configure CSP for all all Google domains (i.e. .com, .de, .fr, etc)

I am whitelisting domains for CSP headers. Is there any recommendation for whitelisting a big list of domain, all belonging to the same company e.g. google.de, google.fr, etc.

If I understand correctly, *.mydomain.com means both subdomains of mydomain.com and also mydomain.com itself. For security itself, it doesn't make sense to allow any top level domain of google.<tld>, yet it would be very convenient to have a shorthand way to list all google.<tld> that I can find.

Is there a shorter / better alternative to maintaining a list of all possible google.*?

like image 727
jleeothon Avatar asked Sep 14 '18 14:09

jleeothon


1 Answers

At least for now, a seemingly reliable list would be: https://www.google.com/supported_domains

like image 116
jleeothon Avatar answered Nov 01 '22 09:11

jleeothon