I have a FQDN in my CSP:
The source list for the Content Security Policy directive 'img-src' contains an invalid source: 'xxx.de.'. It will be ignored.
This is my csp:
default-src 'self'; script-src 'self' 'unsafe-inline'
'unsafe-eval' www.xxx.de; style-src 'self' 'unsafe-inline';
font-src 'self' data:; img-src 'self' xxx.de.; frame-src 'self'
www.youtube-nocookie.com xxx.de;
Why are domains having a dot at the end not allowed in CSP?
I need to link to this URL, and I need to have a CSP, this is my current CSP, the spec does not appear to allow me to describe the URL I have, how can I work around this?
The spec is simply wrong. A dot as the last character of the domain should be allowed.