daliborgogic/policy.md

## policy.md

      
    Raw
  

              policy.md
            
          
    Valid host expressions can include:


https://*.devoops.app Matches all subdomains of devoops.app using the HTTPS scheme but not devoops.app itself.


www.devoops.app443 Matches www.devoops.app only on port 443 using any scheme.


https://devoops.app:* Matches any port on devoops.app using HTTPS.


Name
Options
Description


Default Source
None, All, Self, Data, Unsafe Inline, Unsafe Eval
The default-sr directive specifies the security policy for types of content that are not specifically defined by their own directives. This includes, child-src, connect-src, font-src, img-src, media-src, object-src, script-src and style-src.


Script Source
None, All, Self, Data, Unsafe Inline, Unsafe Eval
The script-src directive specifies valid sources for JavaScript. This directive falls back to default-src if not specified. When either script-src or default-src are present the use of inline script and eval() is blocked without the addition of Unsafe Inline and Unsafe Eval respectively.
Name	Options	Description
Default Source	`None`, `All`, `Self`, `Data`, `Unsafe Inline`, `Unsafe Eval`	The `default-sr` directive specifies the security policy for types of content that are not specifically defined by their own directives. This includes, child-src, connect-src, font-src, img-src, media-src, object-src, script-src and style-src.
Script Source	`None`, `All`, `Self`, `Data`, `Unsafe Inline`, `Unsafe Eval`	`The script-src` directive specifies valid sources for JavaScript. This directive falls back to `default-src` if not specified. When either script-src or default-src are present the use of inline script and `eval()` is blocked without the addition of `Unsafe Inline` and `Unsafe Eval` respectively.