We host websites and web services for several clients and use HAProxy as a HA/distribution system.
I am looking at implementing a content security policy to allow scripts from various third parties. I have found a configuration line that will implement the content security policy on the backend for each service, but I would like to implement a standard policy across all services to allow changes to be made in a single place rather than multiple changes.
The statement I have for is (ignore the websites):
http-response set-header Content-Security-Policy:script-src https://www.google-analytics.com; https://q.quora.com
Is it possible to add a similar statement to be implemented in all backends? Alternatively, can the scrip-src be added to an ACL?
1 post - 1 participant