For Workes & Pages, what is the name of the domain?
What is the issue or error you’re encountering
Header auto concatenate with “,” symbol => invalid CSP header
What steps have you taken to resolve the issue?
Merge header => long header => hard to maintain
What are the steps to reproduce the issue?
Currently, Cloudlfare Pages auto join headers with the “,” => incorrect for CSP header
Example:
_headers
Content-Security-Policy: frame-ancestors ‘none’;
Content-Security-Policy: default-src ‘none’;
Expected:
Content-Security-Policy: frame-ancestors ‘none’; default-src ‘none’;
Actual:
Content-Security-Policy: frame-ancestors ‘none’;, default-src ‘none’;
The “,” character will make the CSP header is incorrect
Because there are many configurations for CSP header, I cannot use only one line to write it.
Do we have any other way to config CSP header via _header file?
Many thanks.