|string|null */ public $defaultSrc; /** * Lists allowed scripts' URLs. * * @var list|string */ public $scriptSrc = 'self'; /** * Lists allowed stylesheets' URLs. * * @var list|string */ public $styleSrc = 'self'; /** * Defines the origins from which images can be loaded. * * @var list|string */ public $imageSrc = 'self'; /** * Restricts the URLs that can appear in a page's `` element. * * Will default to self if not overridden * * @var list|string|null */ public $baseURI; /** * Lists the URLs for workers and embedded frame contents * * @var list|string */ public $childSrc = 'self'; /** * Limits the origins that you can connect to (via XHR, * WebSockets, and EventSource). * * @var list|string */ public $connectSrc = 'self'; /** * Specifies the origins that can serve web fonts. * * @var list|string */ public $fontSrc; /** * Lists valid endpoints for submission from `

` tags. * * @var list|string */ public $formAction = 'self'; /** * Specifies the sources that can embed the current page. * This directive applies to ``, `