
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Allow all subdomains in Content Security Policy
Hello,
We making an app that shows instagram images, i'm having trouble because the Image Links keep changing, especially the subdomains. I would need to allow all subdomains of https://www.cdninstagram.com .
I tried *.cdninstagram.com (image attached) but its says that have invalid characters.
Does anyone know how to release all subdomains in Content Security Policy?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I think Qlik SaaS will consider '*' as an invalid character because it only supports the address of the origin in the following format: domain.com.
Example 5 from this docs might help : https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP#examples_common_use_cases
Regards,

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
But in the example 5 he allows every domain that have images, i want to do that in the same way but only for certain domains.
If I add: scontent-iad3-1.cdninstagram.com (The subdomain that is currently been used to storage my pages images in Instagram) it works but in time to time this subdomain change, for example to: scontent-atl3-2.cdninstagram.com than the images stop working.
Thats why i would need the '*' before domain.com.
This is a limitation of CSP and the only way that i can use this images is keep adding new subdomains that will appear?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Somebody else is having the same problem?
I need to keep monitoring when the URL's change and add it to the content security policy.
Like for example these facebook URL's:
scontent-dfw5-1.xx.fbcdn.net
scontent-lga3-2.xx.fbcdn.net
scontent-dfw5-2.xx.fbcdn.net
Shouldn't there be a '*' option for all subdomains?
Regards,
