foundeo/content-security-policy.com

Show allowing websocket connections

nathanl opened this issue · 2 comments

It's not easy to find good documentation on allowing web sockets. https://outlandish.com/blog/configure-content-security-policy-with-websockets-and-express/ claims you need the domain, but connect-src 'self' ws: wss: seems to be working for me.

rugk commented

Well, there is certainly some documentation to be found: https://stackoverflow.com/questions/32986074/content-security-policy-meta-tag-for-allowing-web-socket#41389590

However, I agree it may be a good idea to add a proper doc here.

rugk commented

Though it's kinda already mentioned: https://content-security-policy.com/connect-src/
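
An added example, not part of the original thread or the project's documentation: a simplified JavaScript model of CSP Level 3 source matching that compares the `connect-src 'self' ws: wss:` value from the issue with a host-scoped alternative. The origins and hosts (`app.example`, `push.app.example`, `other.example`) are constructed, and the functions are hypothetical helpers, not a browser API.

```javascript
// Simplified model of CSP Level 3 source matching for connect-src: 'self', scheme-sources
// (ws:) and scheme://host[:port] only; wildcards, paths, scheme-less hosts not modelled.
const DEFAULT_PORT = { http: 80, ws: 80, https: 443, wss: 443 };

function parts(u) {
  const url = new URL(u);
  const scheme = url.protocol.slice(0, -1);
  return { scheme, host: url.hostname, port: Number(url.port) || DEFAULT_PORT[scheme] };
}

// CSP3 "scheme-part matches": http covers https; ws covers wss, http, https; wss covers https.
function schemeMatches(a, b) {
  return a === b || (a === "http" && b === "https") ||
    (a === "ws" && ["wss", "http", "https"].includes(b)) ||
    (a === "wss" && b === "https");
}

// Ports match when equal, or when both are the defaults for their schemes.
function portsMatch(a, b) {
  return a.port === b.port ||
    (a.port === DEFAULT_PORT[a.scheme] && b.port === DEFAULT_PORT[b.scheme]);
}

// CSP3 'self': same origin, or same host with a secure (or http -> ws) scheme.
function selfMatches(origin, target) {
  const o = parts(origin), t = parts(target);
  if (o.scheme === t.scheme && o.host === t.host && o.port === t.port) return true;
  const schemeOk = ["https", "wss"].includes(t.scheme) ||
    (o.scheme === "http" && t.scheme === "ws");
  return o.host === t.host && portsMatch(o, t) && schemeOk;
}

function connectAllowed(sourceList, pageOrigin, target) {
  const t = parts(target);
  return sourceList.trim().split(/\s+/).some((src) => {
    if (src === "'self'") return selfMatches(pageOrigin, target);
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return schemeMatches(src.slice(0, -1).toLowerCase(), t.scheme);
    if (!src.includes("://")) return false; // scheme-less host-source: not modelled
    const s = parts(src);
    return schemeMatches(s.scheme, t.scheme) && s.host === t.host && portsMatch(s, t);
  });
}

// Constructed sample values (assumptions, not taken from the thread).
const PAGE = "https://app.example";
const BROAD = "'self' ws: wss:";
const NARROW = "'self' wss://push.app.example";
for (const url of ["wss://push.app.example/live", "wss://other.example/live"])
  console.log(url, connectAllowed(BROAD, PAGE, url), connectAllowed(NARROW, PAGE, url));
```

In this model the scheme-only form permits a WebSocket connection to any host, while the host-scoped form permits only the named one, which keeps `connect-src` useful as a limit on where page scripts can send data.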