I’m trying to set my Content-Security-Policy header in .htaccess.
I’ve already tried a variation of the answer to this post but it doesnt work. All my fontawesome icons are broken.
Header always set Content-Security-Policy: "default-src 'self'; style-src *.fontawesome.com"
I’ve also tried using
I’ve tried setting it with a
<meta> tag in my site
<head> as well but got the same result.
When using an .htaccess validator I receive the error: “Fatal: Header has too many arguments”
I’m currently receiving this error for this header in particular:
Header set Content-Security-Policy: default-src 'self'; script-src 'self' *.wpengine.com *.hotjar.com; style-src 'self' *.wpengine.com *.fontawesome.com; img-src 'self'; font-src 'self' *.fontawesome *.google.com; connect-src *; media-src *; object-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action *; upgrade-insecure-requests; block-all-mixed-content; referrer no-referrer-when-downgrade
What am I doing wrong?
The header value must be quoted if it is meant to contain whitespace.
Your first example properly quotes the value, but your second example does not.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.