CSP navigation directives are used in a Content-Security-Policy header and govern the locations to which a user can navigate or submit a form, for example.
Navigation directives don't fall back to the default-src directive.
List of CSP Navigation directives
form-action
- Restricts the URLs which can be used as the target of form submissions from a given context.
frame-ancestors
- Specifies valid parents that may embed a page using <frame>, <iframe>, <object>, <embed>, or <applet>.
navigate-to
- Restricts the URLs to which a document can initiate navigation by any means, including <form> (if form-action is not specified), <a>, window.location, window.open, etc.
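
Because navigation directives do not fall back to default-src, a policy with a strict default-src can still leave form targets and framing unrestricted. The following added example (not part of the original page; parseCsp and auditNavigation are hypothetical names and the sample policies are constructed) parses a header value and reports which of the directives listed above the policy actually sets.

```javascript
// Added example: audits a Content-Security-Policy header value for the
// navigation directives listed on this page. Function and variable names are
// illustrative, not part of any browser or library API.
const NAVIGATION_DIRECTIVES = ["form-action", "frame-ancestors", "navigate-to"];

// Parse a policy string into a Map of directive name -> array of source values.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // CSP ignores a directive that repeats an earlier name.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report, per navigation directive, whether the policy restricts it.
// default-src is deliberately never consulted: there is no fallback.
function auditNavigation(headerValue) {
  const policy = parseCsp(headerValue);
  const report = {};
  for (const name of NAVIGATION_DIRECTIVES) {
    report[name] = policy.has(name)
      ? { restricted: true, sources: policy.get(name) }
      : { restricted: false, sources: null };
  }
  return report;
}

// Constructed sample policies.
const weak = "default-src 'none'; script-src 'self'";
const hardened =
  "default-src 'none'; form-action 'self'; frame-ancestors 'none'";

console.log(auditNavigation(weak));     // every navigation directive unrestricted
console.log(auditNavigation(hardened)); // form-action and frame-ancestors set
```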