From 42127e9a601065a4e71dca9d4452f1f7248fedda Mon Sep 17 00:00:00 2001 From: Luke Latham <1622880+guardrex@users.noreply.github.com> Date: Tue, 16 Aug 2022 10:41:06 -0500 Subject: [PATCH] Remove deprecated/obsolete CSP directive --- .../blazor/security/content-security-policy.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/aspnetcore/blazor/security/content-security-policy.md b/aspnetcore/blazor/security/content-security-policy.md index 620290a3b752..1c022106c99d 100644 --- a/aspnetcore/blazor/security/content-security-policy.md +++ b/aspnetcore/blazor/security/content-security-policy.md @@ -38,7 +38,6 @@ CSP is supported in most modern desktop and mobile browsers, including Chrome, E Minimally, specify the following directives and sources for Blazor apps. Add additional directives and sources as needed. The following directives are used in the *Apply the policy* section of this article, where example security policies for Blazor WebAssembly and Blazor Server are provided: * [base-uri](https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri): Restricts the URLs for a page's `` tag. Specify `self` to indicate that the app's origin, including the scheme and port number, is a valid source. -* [block-all-mixed-content](https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content): Prevents loading mixed HTTP and HTTPS content. * [default-src](https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/default-src): Indicates a fallback for source directives that aren't explicitly specified by the policy. Specify `self` to indicate that the app's origin, including the scheme and port number, is a valid source. * [img-src](https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/img-src): Indicates valid sources for images. * Specify `data:` to permit loading images from `data:` URLs. @@ -84,7 +83,6 @@ In the `` content of the `wwwroot/index.html` host page, apply the directi ```html