Support multiline Content-Security-Policy in _headers

Type

Product improvement

Description

Cloudflare Pages’ _headers file should support multiline headers that are joined by “;” instead of “,”

Benefit

_headers files have nice support for multiline headers that are joined by commas. For example,

/*
  Feature-Policy: document-domain 'none'
  Feature-Policy: layout-animations 'none'

turns into Feature-Policy: document-domain 'none', layout-animations 'none'.

However, some headers are joined by semicolons instead, such as Content-Security-Policy.

/*
  Content-Security-Policy: frame-ancestors 'self';
  Content-Security-Policy: media-src 'self';

turns into Content-Security-Policy: frame-ancestors 'self';, media-src 'self';. An extra comma is inserted.

For what it’s worth, Netlify supports joining with semicolons using the above syntax.