Canmove, confirm
1,537
edits
Changes
→Policy Language and Syntax
==Policy Language and Syntax==
A policy is composed of directives with their corresponding values. Any number of directives can be defined, but the <b><tt>allow</tt> directive must always be present</b>, or CSP will revert to enforcing the policy <tt>allow 'none'</tt> for the protected content. Each directive is followed with a list of host expressions except for <tt>policy-uri</tt> and <tt>report-uri</tt> which contain a single URI value. Some [[Security/CSP/Spec#Sample_Policy_Definitions|example policy sets]] are provided below.
Note: In the case of policy refinements as described above, it is possible to have two report-uri values; in this situation, a copy of the report is sent to each of the two URIs.
