mirror of https://github.com/gorhill/uBlock.git synced 2024-09-29 06:07:11 +02:00

csp syntax "is" unusual

gwarser 2021-12-11 20:31:45 +01:00
parent a09da1a49d
commit 9e147c49bb

@ -523,7 +523,7 @@ Exception filter for specific `csp` blocking filter must have exactly the same c
@@||example.com^$csp
CSP option syntax may look unusual compared to other filters. It's advised to be used only by advanced users. It works in "allowlist" mode - data can be downloaded only from addresses explicitly specified in this option. However, uBO is adding it's own second CSP header, which [as per specification](https://w3c.github.io/webappsec-csp/#multiple-policies) will be merged into one final policy, which will be in sum enforcing most strict rules from both headers. For example, you can easily break webpage if policy send by server allows `a.com` and `b.com` and your filter adds `c.com` - in sum, no request will be allowed at all.
CSP option syntax is unusual compared to other filters. It's advised to be used only by advanced users. It works in "allowlist" mode - data can be downloaded only from addresses explicitly specified in this option. However, uBO is adding it's own second CSP header, which [as per specification](https://w3c.github.io/webappsec-csp/#multiple-policies) will be merged into one final policy, which will be in sum enforcing most strict rules from both headers. For example, you can easily break webpage if policy send by server allows `a.com` and `b.com` and your filter adds `c.com` - in sum, no request will be allowed at all.
Refer to ["Content Security Policy (CSP) Quick Reference Guide"](https://content-security-policy.com/) or [MDN documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) for further syntax help.
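Review bot: The rewritten paragraph (the line beginning "CSP option syntax is unusual") still carries "uBO is adding it's own second CSP header" and "policy send by server"; since the line is being touched anyway, change these to "its own" and "policy sent by server". The closing example could also be tightened: "your filter adds `c.com`" reads as if the source were appended to the server's allowlist, while the preceding sentence says both headers are enforced together, so a request has to satisfy each of them and none can. Stating that both policies use the same directive would make the "no request will be allowed at all" conclusion easier to follow, since the result only holds for the resource types that directive covers.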