Directive: manifest src

Overview

The manifest-src directive specifies which Web app manifests can be applied to the resource.

Required reading:

Usage examples

Accepts one or more schemes or hosts, the 'self' keyword, or the 'none' keyword.

manifest-src 'none'

manifest-src 'self'

manifest-src example.com

manifest-src example.com example.org

manifest-src https://*.example.com

manifest-src https:

Fallbacks

✅ manifest-src will fallback to default-src if it is undefined.

default-src
- manifest-src

Possible errors

[ERROR] directive manifest-src has an invalid value

Possible allowed values for manifest-src are:

'none'
A scheme like https:
A host like example.com (internationalized domain names are not permitted and must be converted to punycode first)
A keyword like 'self'
A nonce (although this is highly unusual)
A sha256 hash (although this is highly unusual)

This error message means that the value does not match expected/correct patterns for any of these types.

For developers

ABNF (CSP3)

directive-name  = "manifest-src"
directive-value = serialized-source-list

See ABNF: serialized-source-list

Type

source-list in CSP2
serialized-source-list in CSP3

References

Content licensed under CC BY-SA.

Legend

🧪 Experimental, with limited support
⚠️ Important notes on usage
🚫 Deprecated or obsolete

Directive: manifest src

Overview

Usage examples

Fallbacks

Possible errors

For developers

ABNF (CSP3)

Type

References

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Legend

Directives

Errors

Headers

ABNF

Clone this wiki locally