I want to serve a lenient CSP to my self and another person(s), but have a strict CSP for everyone else. The code I currently use works when I just use my own IP, but I can't figure out how to add another. I'm a beginner at all of this so keep that in mind. I found the for this snippet here (the only place I've seen it): https://blog.paranoidpenguin.net/2017/12/deploy-different-content-security-policies-csps-using-the-apache-if-directive/
And here is my code:
<IfModule mod_headers.c>
# Serve CSP based on client IP
<If "-R 'MY IP'">
Header always set Content-Security-Policy "default-src 'self'; script- src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' data:"
</If>
Aucun commentaire:
Enregistrer un commentaire