Content-Security-Policy – How to Allow FontAwesome as Style-Src

.htaccess, apache-2.2, content-security-policy, http-headers

I'm trying to set my Content-Security-Policy header in .htaccess.

I've already tried a variation of the answer to this post, but it doesn't work. All my fontawesome icons are broken.

Header always set Content-Security-Policy: "default-src 'self'; style-src  *.fontawesome.com"

I've also tried using *.use.fontawesome.com.

I've tried setting it with a <meta> tag in my site <head> as well but got the same result.

When using an .htaccess validator I receive the error: "Fatal: Header has too many arguments"

I'm currently receiving this error for this header in particular:

Header set Content-Security-Policy: default-src 'self'; script-src 'self' *.wpengine.com *.hotjar.com; style-src 'self' *.wpengine.com *.fontawesome.com; img-src 'self'; font-src 'self' *.fontawesome *.google.com; connect-src *; media-src *; object-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action *; upgrade-insecure-requests; block-all-mixed-content; referrer no-referrer-when-downgrade

What am I doing wrong?

Best Answer

The header value must be quoted if it is meant to contain whitespace.

Your first example properly quotes the value, but your second example does not.
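
A pre-deployment check for the quoting rule in the answer above, as an added example that is not part of the original post. It approximates Apache's quote-aware, whitespace-separated argument splitting with Python's `shlex` (an assumption, not Apache's own parser) and flags a `Header` directive whose value arrives as more than one argument. The function names are hypothetical, and `UNQUOTED` is a shortened copy of the second header in the question.

```python
import shlex

CONDITIONS = {"always", "onsuccess"}

# First header from the question (value wrapped in double quotes).
QUOTED = ("Header always set Content-Security-Policy: "
          "\"default-src 'self'; style-src  *.fontawesome.com\"")
# Shortened copy of the second header from the question (value not quoted).
UNQUOTED = ("Header set Content-Security-Policy: default-src 'self'; "
            "script-src 'self' *.wpengine.com *.hotjar.com; "
            "style-src 'self' *.wpengine.com *.fontawesome.com")


def header_value_tokens(directive):
    """Return the arguments left after: Header [condition] action name."""
    # shlex stands in for Apache's argument splitting (assumption).
    tokens = shlex.split(directive, posix=True)
    if not tokens or tokens[0].lower() != "header":
        raise ValueError("not a Header directive")
    rest = tokens[1:]
    if rest and rest[0].lower() in CONDITIONS:
        rest = rest[1:]
    if len(rest) < 2:
        raise ValueError("missing action or header name")
    return rest[2:]


def check(directive):
    """Return (ok, message); a policy value must be exactly one argument."""
    value = header_value_tokens(directive)
    # A trailing early / env=... clause is a separate, legal argument.
    if len(value) > 1 and (value[-1] == "early"
                           or value[-1].startswith(("env=", "expr="))):
        value = value[:-1]
    if len(value) == 1:
        return True, "value is a single argument"
    return False, (f"value split into {len(value)} arguments; "
                   "wrap the whole policy in double quotes")


def quote_value(directive):
    """Rebuild the directive with the split value joined and double-quoted."""
    value = header_value_tokens(directive)
    head = directive[:directive.index(":") + 1]  # up to the header name's colon
    policy = directive[len(head):].strip() if len(value) > 1 else value[0]
    return f'{head} "{policy}"'


if __name__ == "__main__":
    for line in (QUOTED, UNQUOTED, quote_value(UNQUOTED)):
        print(check(line))
```
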
