Defining Multiple Content-Security-Policy-Report-Only in Headers
Hey all, I'm defining a
_headers file for my Cloudflare page, but wanted to break up Content-Security-Policy-Report-Only over multiple lines since it is getting pretty long.
I wanted to take advantage of https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#multiple_content_security_policies
and have something like
but Cloudflare automatically just appends the two with a , breaking the logic.
Any way I can achieve this?MDN Web Docs
Content-Security-Policy - HTTP | MDN
The HTTP Content-Security-Policy response header allows
website administrators to control resources the user agent is allowed to load for a
given page. With a few exceptions, policies mostly involve specifying server origins and
script endpoints. This helps guard against cross-site scripting attacks
(Cross-site_scripting).
1 Reply
That's documented behavior with no override:
If a header is applied twice in the _headers file, the values are joined with a comma separator.Gotta be one line