I've read the Content Security Policy docs and have entries for my image sources. My values match the examples in the docs, but Chrome complains the values aren't valid:
Unrecognized Content-Security-Policy directive 'pbs.twimg.com'.
Unrecognized Content-Security-Policy directive 'https://pbs.twimg.com'.
The header is:
Content-Security-Policy-Report-Only:default-src 'self' 'unsafe-inline' 'unsafe-eval' mycompany.com *.typekit.net *.stripe.com *.mxpnl.com *.twitter.com;img-src 'self' data:; pbs.twimg.com;font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net;report-uri /csp-violation
You have a semi-colon after data: and before pbs.twimg.com, so pbs.twimg.com is being treated as a directive-name instead of as part of a directive-value.
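The failure described in the answer above, as an added example that is not part of the original question or answer: a small lint that splits a policy on ';' as a browser does and reports any segment whose first token is not a known directive name. The names lintCsp, QUESTION_POLICY and FIXED_POLICY and the directive list (a subset) are assumptions of this example.

```javascript
// Added example: find source expressions that a stray ';' has turned into
// directive names. This is a lint for that one mistake, not a full CSP parser.

// Subset of CSP directive names (assumption: extend to cover your policy).
const KNOWN_DIRECTIVES = new Set([
  'default-src', 'script-src', 'style-src', 'img-src', 'font-src',
  'connect-src', 'media-src', 'object-src', 'frame-src', 'child-src',
  'worker-src', 'manifest-src', 'base-uri', 'form-action',
  'frame-ancestors', 'sandbox', 'report-uri', 'report-to',
  'upgrade-insecure-requests',
]);

function lintCsp(policy) {
  const directives = {};
  const problems = [];
  let previous = null; // last valid directive seen, for the hint
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. trailing ';'
    const name = tokens[0].toLowerCase();
    if (KNOWN_DIRECTIVES.has(name)) {
      // Browsers ignore a repeated directive, so the first occurrence wins.
      if (!(name in directives)) directives[name] = tokens.slice(1);
      previous = name;
    } else {
      // The browser reports this token as an unrecognized directive.
      problems.push({ token: tokens[0], likelyBelongsTo: previous });
    }
  }
  return { directives, problems };
}

// Header value from the question (stray ';' after data:).
const QUESTION_POLICY =
  "default-src 'self' 'unsafe-inline' 'unsafe-eval' mycompany.com " +
  "*.typekit.net *.stripe.com *.mxpnl.com *.twitter.com;" +
  "img-src 'self' data:; pbs.twimg.com;" +
  "font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net;" +
  "report-uri /csp-violation";

// Same policy with the stray ';' removed.
const FIXED_POLICY = QUESTION_POLICY.replace('data:; pbs', 'data: pbs');

for (const p of lintCsp(QUESTION_POLICY).problems) {
  console.log(`'${p.token}' parsed as a directive name; ` +
              `probably a source for ${p.likelyBelongsTo}`);
}
```

Until the semi-colon is removed, img-src contains only 'self' and data:, so images from pbs.twimg.com are not covered by it.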