• fippy

    (@dgilfillan)


    When we enable Google Services:

    Google Youtube
    Google Tag Manager

    It seems to create:

    child-src 'self' https://www.youtube.com https://www.googletagmanager.com;

    This despite disabling the CSP Level 2 child directive.

    This kicks up a warning for us:

    The child-src directive is deprecated as of CSP level 3. Authors who wish to regulate nested browsing contexts and workers SHOULD use the frame-src and worker-src directives, respectively.

    Should/could these be updated so the correct directives are used when enabling these Google Services?

  • The topic ‘Google Services enable child-src directive’ is closed to new replies.
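
The migration the quoted warning recommends, as an added example that is not part of the original post or the plugin's code: it rewrites a serialized policy so the sources under child-src are carried by frame-src and worker-src instead. The function names and the default-src in the sample are assumptions made for illustration.

```javascript
// Added example: express child-src as frame-src and worker-src.
// parsePolicy and migrateChildSrc are hypothetical names, not plugin functions.

// Parse a serialized policy into an ordered Map of directive -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so keep only the first one.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function migrateChildSrc(policy) {
  const directives = parsePolicy(policy);
  const out = [];
  for (const [name, sources] of directives) {
    if (name !== 'child-src') {
      out.push([name, sources]);
      continue;
    }
    // child-src governed both nested browsing contexts and workers, so copy
    // its sources to each replacement unless the policy already sets it.
    for (const replacement of ['frame-src', 'worker-src']) {
      if (!directives.has(replacement)) out.push([replacement, sources]);
    }
  }
  return out.map(([name, sources]) => [name, ...sources].join(' ')).join('; ');
}

// Constructed sample: the directive from the post plus an assumed default-src.
const sample =
  "default-src 'self'; child-src 'self' https://www.youtube.com https://www.googletagmanager.com;";
console.log(migrateChildSrc(sample));
```

Copying the sources into worker-src keeps the policy's behaviour unchanged; whether workers need those sources at all is a separate review.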