Content Security Policy
We have implemented custom CSP rule for our application. In CSP rule there is no option to implement prefetch-src as 'self' . Where should this be implemented ?
I have tried to implement it in response header and it gives me a warning as below:
The Content-Security-Policy directive 'prefetch-src' is implemented behind a flag which is currently disabled.
Also CSP headers are not a part of response on the login screen, and if CSP is added in response header will it be overridden by the CSP rule defined at application level once logged in. How can this be configured?