IEpubRemoteResourceWhitelistDirective | Colibrio Reader Framework API

Hierarchy

IEpubRemoteResourceWhitelistDirective

Index

Properties

directive

A Content-Security-Policy directive compatible with CSP Level 1 and CSP Level 2.

Please see the following documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#Directives https://content-security-policy.com/

The following directives can be modified when whitelisting sources for remoteResourcesScriptedDocumentsOptions: 'child-src', 'frame-src', 'connect-src', 'default-src', 'font-src', 'img-src', 'media-src', 'object-src', 'script-src', 'style-src'

The following directives can be modified when whitelisting sources for remoteResourcesNonScriptedDocumentsOptions: 'style-src', 'frame-src', 'style-src', 'media-src', 'font-src', 'img-src'

sources

sources: string[]

The list of sources that may be loaded for the specified policy.

Please note that you may need to specify directives in your app's Content-Security-Policy as a element or as a HTTP header as well since those restrictions are inherited by child iframes used for rendering content-documents.

Examples:

domain.example.com Allows loading resources from the specified domain name.
*.example.com Allows loading resources from any subdomain under example.com.
https://cdn.com Allows loading resources only over HTTPS matching the given domain.
https: Allows loading resources only over HTTPS on any domain.
https://*.example.com Allows loading resources only over HTTPS from any subdomain under example.com.
- ```
                 Allow any url.
```

For more examples see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#Directives https://content-security-policy.com/