Multiple CustomHeaderClient
Kapageridis Stavros
15 August 2017, 16:17
Hi, which is the right way to add multiple 'CustomHeaderClient = Content-Security-Policy: ' to my hiawatha.conf ?
1. CustomHeaderClient = Content-Security-Policy: script-src 'self'
CustomHeaderClient = Content-Security-Policy: block-all-mixed-content
CustomHeaderClient = Content-Security-Policy: img-src https:
CustomHeaderClient = Content-Security-Policy: upgrade-insecure-requests
CustomHeaderClient = Content-Security-Policy: form-action 'none'
or
2. CustomHeaderClient = Content-Security-Policy: script-src 'self'; block-all-mixed-content; img-src https:; upgrade-insecure-requests; form-action 'none'
Regard's
Stavros
Hugo Leisink
15 August 2017, 16:20
Option 2, but that's not Hiawatha related. That HTTP headers allows you to specify multiple options, so you should use that.
P.S.
There is a ':' behind 'https'.
Kapageridis Stavros
15 August 2017, 20:31
Is the following correct ?
CustomHeaderClient = Content-Security-Policy: script-src 'self'; block-all-mixed-content; img-src https; upgrade-insecure-requests; form-action 'none'
Hugo Leisink
16 August 2017, 13:39
As a Hiawatha configuration line, it is correct. Can't tell if the HTTP header it contains is correct for you.
Kapageridis Stavros
16 August 2017, 15:51
Thank you Hugo. I will check about the HTTP Header later. I was interest for the hiawatha configuration line.
This topic has been closed.