Forum

Hi, which is the right way to add multiple 'CustomHeaderClient = Content-Security-Policy: ' to my hiawatha.conf ?
1. CustomHeaderClient = Content-Security-Policy: script-src 'self'
CustomHeaderClient = Content-Security-Policy: block-all-mixed-content
CustomHeaderClient = Content-Security-Policy: img-src https:
CustomHeaderClient = Content-Security-Policy: upgrade-insecure-requests
CustomHeaderClient = Content-Security-Policy: form-action 'none'
or
2. CustomHeaderClient = Content-Security-Policy: script-src 'self'; block-all-mixed-content; img-src https:; upgrade-insecure-requests; form-action 'none'

Regard's
Stavros

Option 2, but that's not Hiawatha related. That HTTP headers allows you to specify multiple options, so you should use that.

P.S.
There is a ':' behind 'https'.

Is the following correct ?

CustomHeaderClient = Content-Security-Policy: script-src 'self'; block-all-mixed-content; img-src https; upgrade-insecure-requests; form-action 'none'

As a Hiawatha configuration line, it is correct. Can't tell if the HTTP header it contains is correct for you.

Thank you Hugo. I will check about the HTTP Header later. I was interest for the hiawatha configuration line.