How can I apply the following in the "Content-Security-Policy" ?
Nemachtilli opened this issue · comments
Can it work? "Content-Security-Policy" : "upgrade-insecure-requests"
You can set upgrade-insecure-requests
to true
. You can find the relevant configuration at
secure-headers/config/secure-headers.php
Lines 490 to 491 in d08427a
Ok thanks.
how do I write the permissions policy?
'ambient-light-sensor' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [https://domain.com],
],
Is what I wrote correct?
The following appears in the console to me:
Error in console is = Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
Not all browsers support this directive. You can check the compatibility at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/ambient-light-sensor#browser_compatibility.
Thank you very much for answering.
Can you ignore those warnings?
How safe is it to use upgrade-insecure-requests?
Can you ignore those warnings?
This is a browser warning; if the browser does not support this directive, it will simply be ignored.
How safe is it to use upgrade-insecure-requests?
If your site is fully SSL (including the site itself, API requests, embedded images, and videos), it is safe to enable this directive.
Closed due to inactivity. Please feel free to open a new issue if you have any further questions.