Valid host expressions can include:
-
https://*.devoops.app
Matches all subdomains ofdevoops.app
using the HTTPS scheme but notdevoops.app
itself. -
www.devoops.app443
Matcheswww.devoops.app
only on port 443 using any scheme. -
https://devoops.app:*
Matches any port ondevoops.app
using HTTPS.
Name | Options | Description |
---|---|---|
Default Source | None , All , Self , Data , Unsafe Inline , Unsafe Eval |
The default-sr directive specifies the security policy for types of content that are not specifically defined by their own directives. This includes, child-src, connect-src, font-src, img-src, media-src, object-src, script-src and style-src. |
Script Source | None , All , Self , Data , Unsafe Inline , Unsafe Eval |
The script-src directive specifies valid sources for JavaScript. This directive falls back to default-src if not specified. When either script-src or default-src are present the use of inline script and eval() is blocked without the addition of Unsafe Inline and Unsafe Eval respectively. |