Redundant directive values

  • Resolved Ambyomoron

    (@josiah-s-carberry)


    3 years, 12 months ago

    I note that in the Current Violations tab, when “Include subdomains” is set, the resulting CSP header contains redundant information. For example:

    default-src 'self' https: mydomain.com *.mydomain.com mysubdomain.mydomain.com;

    The same redundancy occurs with any directive where “include subdomains” is set.

    I can understand including mydomain.com and mysubdomain.mydomain.com, but they are redundant when you also include *.mydomain.com, no?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author bluetriangle

    (@bluetriangle)

    Hey there, thanks for sending this in. We’ll bring this up with our developers and get right back with you. We appreciate the feedback!

    Plugin Author bluetriangle

    (@bluetriangle)

    We’ll close this thread and keep you updated on the other one “Redundant directive values redux.”

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Redundant directive values’ is closed to new replies.