Menu
I am whitelisting domains for CSP headers. Is there any recommendation for whitelisting a big list of domain, all belonging to the same company e.g. google.de, google.fr, etc.
If I understand correctly, *.mydomain.com means both subdomains of mydomain.com and also mydomain.com itself. For security itself, it doesn't make sense to allow any top level domain of google.<tld>, yet it would be very convenient to have a shorthand way to list all google.<tld> that I can find.
Is there a shorter / better alternative to maintaining a list of all possible google.*?
727
At least for now, a seemingly reliable list would be: https://www.google.com/supported_domains
116
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
