bepsvpt / secure-headers

Can it work? "Content-Security-Policy" : "upgrade-insecure-requests"

You can set upgrade-insecure-requests to true. You can find the relevant configuration at

secure-headers/config/secure-headers.php

Lines 490 to 491 in d08427a

    
           // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests 
        
           'upgrade-insecure-requests' => false,

Ok thanks.

how do I write the permissions policy?

'ambient-light-sensor' => [
'none' => false,

        '*' => false,

        'self' => true,

        'origins' => [https://domain.com],
    ],
    
    Is what I wrote correct?
    
    The following appears in the console to me:
    
    Error in console is = Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.

Not all browsers support this directive. You can check the compatibility at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/ambient-light-sensor#browser_compatibility.

Thank you very much for answering.

Can you ignore those warnings?

How safe is it to use upgrade-insecure-requests?

Can you ignore those warnings?

This is a browser warning; if the browser does not support this directive, it will simply be ignored.

How safe is it to use upgrade-insecure-requests?

If your site is fully SSL (including the site itself, API requests, embedded images, and videos), it is safe to enable this directive.

Closed due to inactivity. Please feel free to open a new issue if you have any further questions.

	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests
	'upgrade-insecure-requests' => false,

How can I apply the following in the "Content-Security-Policy" ?