'Content security policy Subdomain of subdomain

I am trying to make a CSP for my system. I know that for the domay I need 'self'. For my subdomains I need *.mywebsite.com (if I use the wildcard function). But what if I have a subdomain of my subdomain? something like test1.test2.mywebsite.com. Will the wildcard still work?

content-security-policy


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Jenkins Content Security Policy

content-security-policy doesn't work; I want to have my website load in an iFrame on ONE other website only

Adding nonce value to @Scripts.Render ASP.Net MVC razor pages with NWebSec

Iframe in Chrome error: Failed to read 'localStorage' from 'Window': Access denied for this document

How do I allow the Geolocation API inside an iframe?

Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback

Why won't my content security policy deploy to CloudFront?

Script causes “Refused to execute inline script: Either the 'unsafe-inline' keyword, a hash… or a nonce is required to enable inline execution”

Why can't Mozilla observatory detect the http security headers on my website anymore?

Angular build generates index.html with <style> tag

Content Security Policy violation with Bootstrap 5

How to have Cypress go through every page on site to see if there are any console errors and if so, make it known to the user running the test

Angular application throwing "inline style..." error due to CSP response header configured on server

Chrome Extension: Refused to load the script, because it violates the following Content Security Policy directive: "script-src 'self'"

Unable to use dynamic svg url in github Readme.md