diff --git a/files/en-us/web/http/headers/content-security-policy/connect-src/index.md b/files/en-us/web/http/headers/content-security-policy/connect-src/index.md index 1c72861b810ffcd..26cc96d0a2c5af7 100644 --- a/files/en-us/web/http/headers/content-security-policy/connect-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/connect-src/index.md @@ -43,16 +43,17 @@ loaded using script interfaces. The APIs that are restricted are: ## Syntax -One or more sources can be allowed for the connect-src policy: - ```http -Content-Security-Policy: connect-src ; -Content-Security-Policy: connect-src ; +Content-Security-Policy: connect-src 'none'; +Content-Security-Policy: connect-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples diff --git a/files/en-us/web/http/headers/content-security-policy/default-src/index.md b/files/en-us/web/http/headers/content-security-policy/default-src/index.md index 9c1b8f365d1a048..e5a55b5107e20af 100644 --- a/files/en-us/web/http/headers/content-security-policy/default-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/default-src/index.md 
@@ -41,16 +41,17 @@ The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) **`default-src`** direc ## Syntax -One or more sources can be allowed for the `default-src` policy: - ```http -Content-Security-Policy: default-src ; -Content-Security-Policy: default-src ; +Content-Security-Policy: default-src 'none'; +Content-Security-Policy: default-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples diff --git a/files/en-us/web/http/headers/content-security-policy/font-src/index.md b/files/en-us/web/http/headers/content-security-policy/font-src/index.md index 489272cfdfaa0e7..a862bc65d41d850 100644 --- a/files/en-us/web/http/headers/content-security-policy/font-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/font-src/index.md 
@@ -33,16 +33,17 @@ valid sources for fonts loaded using {{cssxref("@font-face")}}. ## Syntax -One or more sources can be allowed for the `font-src` policy: - ```http -Content-Security-Policy: font-src ; -Content-Security-Policy: font-src ; +Content-Security-Policy: font-src 'none'; +Content-Security-Policy: font-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples diff --git a/files/en-us/web/http/headers/content-security-policy/form-action/index.md b/files/en-us/web/http/headers/content-security-policy/form-action/index.md index bc5819b8b6eca82..b320bafc403b528 100644 --- a/files/en-us/web/http/headers/content-security-policy/form-action/index.md +++ b/files/en-us/web/http/headers/content-security-policy/form-action/index.md 
@@ -31,16 +31,17 @@ The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) **`form-action`** direc ## Syntax -One or more sources can be set for the `form-action` policy: - ```http -Content-Security-Policy: form-action ; -Content-Security-Policy: form-action ; +Content-Security-Policy: form-action 'none'; +Content-Security-Policy: form-action ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no form submissions may be made +- a list of _source expression_ values, meaning that form submissions may be made to URLs that match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples diff --git a/files/en-us/web/http/headers/content-security-policy/frame-src/index.md b/files/en-us/web/http/headers/content-security-policy/frame-src/index.md index 473687aea2d31c1..35d6fffe0268aad 100644 --- a/files/en-us/web/http/headers/content-security-policy/frame-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/frame-src/index.md 
@@ -38,16 +38,17 @@ browsing contexts loading using elements such as {{HTMLElement("frame")}} and ## Syntax -One or more sources can be allowed for the `frame-src` policy: - ```http -Content-Security-Policy: frame-src ; -Content-Security-Policy: frame-src ; +Content-Security-Policy: frame-src 'none'; +Content-Security-Policy: frame-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples diff --git a/files/en-us/web/http/headers/content-security-policy/img-src/index.md b/files/en-us/web/http/headers/content-security-policy/img-src/index.md index 3f085361f573899..a0675410425a9f2 100644 --- a/files/en-us/web/http/headers/content-security-policy/img-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/img-src/index.md 
@@ -31,16 +31,17 @@ The HTTP {{HTTPHeader("Content-Security-Policy")}} **`img-src`** directive speci ## Syntax -One or more sources can be allowed for the `img-src` policy: - ```http -Content-Security-Policy: img-src ; -Content-Security-Policy: img-src ; +Content-Security-Policy: img-src 'none'; +Content-Security-Policy: img-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples diff --git a/files/en-us/web/http/headers/content-security-policy/manifest-src/index.md b/files/en-us/web/http/headers/content-security-policy/manifest-src/index.md index 04baae34c6d18b8..3b1c2094311fcde 100644 --- a/files/en-us/web/http/headers/content-security-policy/manifest-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/manifest-src/index.md 
@@ -34,16 +34,17 @@ to the resource. ## Syntax -One or more sources can be allowed for the `manifest-src` policy: - ```http -Content-Security-Policy: manifest-src ; -Content-Security-Policy: manifest-src ; +Content-Security-Policy: manifest-src 'none'; +Content-Security-Policy: manifest-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples diff --git a/files/en-us/web/http/headers/content-security-policy/media-src/index.md b/files/en-us/web/http/headers/content-security-policy/media-src/index.md index 73a9750efb5c104..4b1c941a179dbab 100644 --- a/files/en-us/web/http/headers/content-security-policy/media-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/media-src/index.md 
@@ -33,16 +33,17 @@ media using the {{HTMLElement("audio")}} and {{HTMLElement("video")}} elements. ## Syntax -One or more sources can be allowed for the `media-src` policy: - ```http -Content-Security-Policy: media-src ; -Content-Security-Policy: media-src ; +Content-Security-Policy: media-src 'none'; +Content-Security-Policy: media-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples diff --git a/files/en-us/web/http/headers/content-security-policy/object-src/index.md b/files/en-us/web/http/headers/content-security-policy/object-src/index.md index c4f3dae6c5eec3f..6daf3bfb07e6eb6 100644 --- a/files/en-us/web/http/headers/content-security-policy/object-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/object-src/index.md 
@@ -40,16 +40,17 @@ The HTTP {{HTTPHeader("Content-Security-Policy")}} ## Syntax -One or more sources can be allowed for the `object-src` policy: - ```http -Content-Security-Policy: object-src ; -Content-Security-Policy: object-src ; +Content-Security-Policy: object-src 'none'; +Content-Security-Policy: object-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples diff --git a/files/en-us/web/http/headers/content-security-policy/prefetch-src/index.md b/files/en-us/web/http/headers/content-security-policy/prefetch-src/index.md index f03ec1ca3dc6b07..3bcc9cf00c2c7bc 100644 --- a/files/en-us/web/http/headers/content-security-policy/prefetch-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/prefetch-src/index.md 
@@ -36,16 +36,17 @@ be prefetched or prerendered. ## Syntax -One or more sources can be allowed for the `prefetch-src` policy: - ```http -Content-Security-Policy: prefetch-src ; -Content-Security-Policy: prefetch-src ; +Content-Security-Policy: prefetch-src 'none'; +Content-Security-Policy: prefetch-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Example diff --git a/files/en-us/web/http/headers/content-security-policy/script-src-attr/index.md b/files/en-us/web/http/headers/content-security-policy/script-src-attr/index.md index d241ea62c199b22..ff1e5c5770032df 100644 --- a/files/en-us/web/http/headers/content-security-policy/script-src-attr/index.md +++ b/files/en-us/web/http/headers/content-security-policy/script-src-attr/index.md 
@@ -35,13 +35,18 @@ It does not apply to other JavaScript sources that can trigger script execution, ## Syntax -One or more sources can be allowed for the `script-src-attr` policy: - ```http -Content-Security-Policy: script-src-attr ; -Content-Security-Policy: script-src-attr ; +Content-Security-Policy: script-src-attr 'none'; +Content-Security-Policy: script-src-attr ; ``` +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. + +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). + `script-src-attr` can be used in conjunction with {{CSP("script-src")}}, and will override that directive for checks on inline handlers: ```http @@ -49,10 +54,6 @@ Content-Security-Policy: script-src ; Content-Security-Policy: script-src-attr ; ``` -### Sources - -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). - ## Examples ### Violation case diff --git a/files/en-us/web/http/headers/content-security-policy/script-src-elem/index.md b/files/en-us/web/http/headers/content-security-policy/script-src-elem/index.md index 97c6e8b9963b6ed..5ba5ce17e35a12a 100644 --- a/files/en-us/web/http/headers/content-security-policy/script-src-elem/index.md +++ b/files/en-us/web/http/headers/content-security-policy/script-src-elem/index.md 
@@ -35,13 +35,18 @@ It does not apply to other JavaScript sources that can trigger script execution, ## Syntax -One or more sources can be allowed for the `script-src-elem` policy: - ```http -Content-Security-Policy: script-src-elem ; -Content-Security-Policy: script-src-elem ; +Content-Security-Policy: script-src-elem 'none'; +Content-Security-Policy: script-src-elem ; ``` +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. + +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). + `script-src-elem` can be used in conjunction with {{CSP("script-src")}}: ```http @@ -49,10 +54,6 @@ Content-Security-Policy: script-src ; Content-Security-Policy: script-src-elem ; ``` -### Sources - -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). - ## Examples ### Violation case diff --git a/files/en-us/web/http/headers/content-security-policy/script-src/index.md b/files/en-us/web/http/headers/content-security-policy/script-src/index.md index 7674c6df9b723e6..0527db048bc9898 100644 --- a/files/en-us/web/http/headers/content-security-policy/script-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/script-src/index.md 
@@ -31,16 +31,17 @@ The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) **`script-src`** direct ## Syntax -One or more sources can be allowed for the `script-src` policy: - ```http -Content-Security-Policy: script-src ; -Content-Security-Policy: script-src ; +Content-Security-Policy: script-src 'none'; +Content-Security-Policy: script-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples diff --git a/files/en-us/web/http/headers/content-security-policy/style-src-attr/index.md b/files/en-us/web/http/headers/content-security-policy/style-src-attr/index.md index 685829ddfbe8468..251f2a8bf599c42 100644 --- a/files/en-us/web/http/headers/content-security-policy/style-src-attr/index.md +++ b/files/en-us/web/http/headers/content-security-policy/style-src-attr/index.md 
@@ -36,13 +36,18 @@ These are set using {{CSP("style-src-elem")}} (and valid sources for all styles ## Syntax -One or more sources can be allowed for the `style-src-attr` policy: - ```http -Content-Security-Policy: style-src-attr ; -Content-Security-Policy: style-src-attr ; +Content-Security-Policy: style-src-attr 'none'; +Content-Security-Policy: style-src-attr ; ``` +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. + +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). + `style-src-attr` can be used in conjunction with {{CSP("style-src")}}: ```http @@ -50,10 +55,6 @@ Content-Security-Policy: style-src ; Content-Security-Policy: style-src-attr ; ``` -### Sources - -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). - ## Examples ### Violation cases diff --git a/files/en-us/web/http/headers/content-security-policy/style-src-elem/index.md b/files/en-us/web/http/headers/content-security-policy/style-src-elem/index.md index 0e7fcd0db94f2fe..df3f4e2509a90c7 100644 --- a/files/en-us/web/http/headers/content-security-policy/style-src-elem/index.md +++ b/files/en-us/web/http/headers/content-security-policy/style-src-elem/index.md 
@@ -35,13 +35,18 @@ The directive does not set valid sources for inline style attributes; these are ## Syntax -One or more sources can be allowed for the `style-src-elem` policy: - ```http -Content-Security-Policy: style-src-elem ; -Content-Security-Policy: style-src-elem ; +Content-Security-Policy: style-src-elem 'none'; +Content-Security-Policy: style-src-elem ; ``` +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. + +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). + `style-src-elem` can be used in conjunction with {{CSP("style-src")}}: ```http @@ -49,10 +54,6 @@ Content-Security-Policy: style-src ; Content-Security-Policy: style-src-elem ; ``` -### Sources - -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). - ## Examples ### Violation cases diff --git a/files/en-us/web/http/headers/content-security-policy/style-src/index.md b/files/en-us/web/http/headers/content-security-policy/style-src/index.md index 7f0773313be6d4f..829cd281be4d8c7 100644 --- a/files/en-us/web/http/headers/content-security-policy/style-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/style-src/index.md 
@@ -31,16 +31,17 @@ The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) **`style-src`** directi ## Syntax -One or more sources can be allowed for the `style-src` policy: - ```http -Content-Security-Policy: style-src ; -Content-Security-Policy: style-src ; +Content-Security-Policy: style-src 'none'; +Content-Security-Policy: style-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples diff --git a/files/en-us/web/http/headers/content-security-policy/worker-src/index.md b/files/en-us/web/http/headers/content-security-policy/worker-src/index.md index 5ea3572df1b98ae..c943eb8399d1eec 100644 --- a/files/en-us/web/http/headers/content-security-policy/worker-src/index.md +++ b/files/en-us/web/http/headers/content-security-policy/worker-src/index.md 
@@ -39,16 +39,17 @@ scripts. ## Syntax -One or more sources can be allowed for the `worker-src` policy: - ```http -Content-Security-Policy: worker-src ; -Content-Security-Policy: worker-src ; +Content-Security-Policy: worker-src 'none'; +Content-Security-Policy: worker-src ; ``` -### Sources +This directive may have either: + +- the single keyword value `'none'`, meaning that no resources of this type may be loaded +- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions. -`` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources). +The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). ## Examples
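Review bot: The second added line of each `http` syntax block has nothing between the directive name and the semicolon as it appears in this patch, for example `+Content-Security-Policy: connect-src ;`, so the list form that the new prose describes ("a list of _source expression_ values") is never actually shown. Please check that a named placeholder for the source expression list is present in the committed Markdown and survives rendering, and that the prose refers to it by the same name, so readers can see that `'none'` and the list are alternatives rather than `'none'` being an optional extra.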
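Review bot: In the `script-src-attr` hunk (`@@ -35,13 +35,18 @@`) and its `style-src-attr` counterpart, the added bullets say "no resources of this type may be loaded", but the context line right below describes `script-src-attr` as applying to "checks on inline handlers", which are not loaded resources. The `form-action` hunk already adapts the wording ("no form submissions may be made"); the same should be done here, stating what `'none'` blocks in terms of inline event handlers and inline style attributes, so a reader does not conclude that `'none'` only affects fetched files.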
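Review bot: In the four `@@ ... +54,6 @@` hunks (`script-src-attr`, `script-src-elem`, `style-src-attr`, `style-src-elem`), the `### Sources` section is removed but the combined-usage block just above it is left as unchanged context, e.g. `Content-Security-Policy: script-src ;` followed by `Content-Security-Policy: script-src-attr ;`, with no value shown for either directive. Since the explanation of the value now sits before this block rather than after it, the block should show a value in the same form as the updated syntax block, or the sentence introducing it should say what the values stand for.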
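Review bot: Style point on the added bullet list, repeated in every hunk: the first item ends without punctuation ("...may be loaded") while the second ends with a full stop ("...any of the given source expressions."). Pick one convention for both items. Separately, the replacement link drops the `#sources` fragment that the removed line carried; please confirm the link now lands on the part of the CSP Source Values page that gives the source expression syntax.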