How do I merge 2 Content-Security-Policy headers?
I have an existing Content-Security-Policy header in my web.config file:
<add name="Content-Security-Policy" value="default-src https: data: 'unsafe-inline' 'unsafe-eval'" />
I want to add an additional rule:
<add name="Content-Security-Policy" value="frame-ancestors 'self' https://*.example.com" />
How do I add this second header line, so that both these rules can exist and not override each other?
Solution 1:[1]
I solved it. This is the merged line:
<add name="Content-Security-Policy" value="default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.example.com" />
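The merge above, generalized to any number of policy strings, as an added example that is not part of the original answer. The function names are hypothetical. It refuses to merge when one directive appears with different values, because a browser ignores a repeated directive within a single policy and simple concatenation would silently drop the later rule.

```python
from xml.sax.saxutils import quoteattr

# The two header values from the question.
EXISTING = "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
ADDITIONAL = "frame-ancestors 'self' https://*.example.com"


def parse_policy(policy):
    """Split one CSP policy string into an ordered {directive: [values]} dict."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # empty segment, e.g. a trailing ';'
        name = tokens[0].lower()  # directive names are case-insensitive
        if name in directives:
            # Within one policy only the first occurrence takes effect.
            raise ValueError(f"duplicate directive in one policy: {name}")
        directives[name] = tokens[1:]
    return directives


def merge_policies(*policies):
    """Combine several policy strings into one ';'-separated header value."""
    merged = {}
    for policy in policies:
        for name, values in parse_policy(policy).items():
            if name in merged and merged[name] != values:
                # Do not guess which source list the operator intended.
                raise ValueError(f"conflicting values for {name}; resolve by hand")
            merged[name] = values
    return "; ".join(" ".join([name, *values]) for name, values in merged.items())


def to_web_config(header_value):
    """Render the web.config <add> element with the value safely XML-escaped."""
    return f'<add name="Content-Security-Policy" value={quoteattr(header_value)} />'


if __name__ == "__main__":
    print(to_web_config(merge_policies(EXISTING, ADDITIONAL)))
```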
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Clayton |
