合并内容安全策略标头值

时间:2019-03-13 11:55:21

标签: apache security http-headers content-security-policy

我的Apache 2.4 Content-Security-Policy标头值如下所示:

Header always set Content-Security-Policy "default-src https: 
*.google.com *.gstatic.com *.domain.local *.googleapis.com 
cdn.jotfor.ms events.jotform.com; script-src 'unsafe-inline
' *.google.com *.gstatic.com *.domain.local *.googleapis.com 
cdn.jotfor.ms events.jotform.com; style-src 'unsafe-inline' 
*.google.com *.gstatic.com *.domain.local *.googleapis.
com cdn.jotfor.ms events.jotform.com; img-src 'self' data: 
*.google.com *.gstatic.com *.domain.local *.googleapis.com 
cdn.jotfor.ms events.jotform.com"

有没有办法整合所有跨指令重复的域声明?

谢谢

0 个答案:

没有答案