|string|null */ public string | array | null $defaultSrc = null; /** * Lists allowed scripts' URLs. * * @var list|string */ public string | array $scriptSrc = 'self'; /** * Lists allowed stylesheets' URLs. * * @var list|string */ public string | array $styleSrc = 'self'; /** * Defines the origins from which images can be loaded. * * @var list|string */ public string | array $imageSrc = 'self'; /** * Restricts the URLs that can appear in a page's `` element. * * Will default to self if not overridden * * @var list|string|null */ public string | array | null $baseURI = null; /** * Lists the URLs for workers and embedded frame contents * * @var list|string */ public string | array $childSrc = 'self'; /** * Limits the origins that you can connect to (via XHR, WebSockets, and EventSource). * * @var list|string */ public string | array $connectSrc = 'self'; /** * Specifies the origins that can serve web fonts. * * @var list|string */ public string | array $fontSrc; /** * Lists valid endpoints for submission from `

` tags. * * @var list|string */ public string | array $formAction = 'self'; /** * Specifies the sources that can embed the current page. This directive applies to ``, `