m (→Terminology)  | 
				|||
| Line 202: | Line 202: | ||
=Policy Language and Syntax=  | =Policy Language and Syntax=  | ||
A policy is composed of directives with their corresponding values.  Any number of directives can be defined, but the <b><tt>allow</tt> directive must always be present</b>.  Each directive is followed with a list of host expressions except for <tt>policy-uri</tt> and <tt>report-uri</tt> which contain a single URI value. Some [[Security/CSP/Spec#Sample_Policy_Definitions|example policy sets]] are provided below.  | A policy is composed of directives with their corresponding values.  Any number of directives can be defined, but the <b><tt>allow</tt> directive must always be present</b>, or CSP will revert to enforcing the policy <tt>allow 'none'</tt> for the protected content.  Each directive is followed with a list of host expressions except for <tt>policy-uri</tt> and <tt>report-uri</tt> which contain a single URI value. Some [[Security/CSP/Spec#Sample_Policy_Definitions|example policy sets]] are provided below.  | ||
Note: In the case of policy refinements as described above, it is possible to have two report-uri values; in this situation, a copy of the report is sent to each of the two URIs.  | Note: In the case of policy refinements as described above, it is possible to have two report-uri values; in this situation, a copy of the report is sent to each of the two URIs.  | ||
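Review bot: The clause added to the first paragraph under "Policy Language and Syntax" says CSP will "revert to enforcing the policy allow 'none'" when allow is missing, but it does not say whether the other directives in that policy are still honoured alongside allow 'none' or whether the whole policy is replaced by it. Please state which, since the two readings give different results for a policy that sets other directives but omits allow. "Revert" also suggests a return to an earlier state; "fall back to" or "default to" would describe the behaviour more precisely. It would also help to say how this fallback interacts with the report-uri note that follows, that is, whether a policy missing allow still has its report-uri honoured.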