Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive
Description
The Content Security Policy (CSP) for this application contains a wildcard (*) in the port portion of a directive source expression. While wildcards are permitted in CSP syntax, using them in port specifications can inadvertently allow connections to unintended ports, potentially weakening the security boundary that CSP is designed to enforce. This configuration may expose the application to risks that the CSP was intended to mitigate.
Remediation
Review the Content Security Policy directives identified in the alert details and replace wildcard port specifications with explicit port numbers. Define only the specific ports required for legitimate resources.
For example, instead of:
Content-Security-Policy: script-src https://example.com:*
Use an explicit port specification:
Content-Security-Policy: script-src https://example.com:443
If multiple ports are required, list them as separate source expressions:
Content-Security-Policy: script-src https://example.com:443 https://example.com:8443
After updating the CSP, test your application thoroughly to ensure all legitimate resources load correctly and no functionality is broken by the more restrictive policy.
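The review and replacement steps above can be scripted. The following is an added example, not part of the original advisory or of any scanner: it finds host-source expressions with a wildcard port and rewrites them into one source per explicit port. The function names, the simplified host-source regex and the sample policy are assumptions made for illustration.

```python
import re

# Simplified CSP host-source grammar: [scheme "://"] host [":" port] [path]
HOST_SOURCE = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*://)?"
    r"(?P<host>\*|(?:\*\.)?[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)"
    r"(?::(?P<port>\d+|\*))?"
    r"(?P<path>/\S*)?$"
)

def parse_policy(policy):
    """Split a CSP header value into (directive_name, [source, ...]) pairs."""
    directives = []
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives.append((tokens[0].lower(), tokens[1:]))
    return directives

def find_wildcard_ports(policy):
    """Return (directive, source) for every host-source whose port is '*'."""
    findings = []
    for name, sources in parse_policy(policy):
        for src in sources:
            m = HOST_SOURCE.match(src)
            if m and m.group("port") == "*":
                findings.append((name, src))
    return findings

def pin_ports(policy, ports):
    """Rewrite each wildcard-port source into one source per explicit port."""
    out = []
    for name, sources in parse_policy(policy):
        fixed = []
        for src in sources:
            m = HOST_SOURCE.match(src)
            if m and m.group("port") == "*":
                # The scheme group already includes "://" when present.
                prefix = (m.group("scheme") or "") + m.group("host")
                path = m.group("path") or ""
                fixed += [f"{prefix}:{p}{path}" for p in ports]
            else:
                fixed.append(src)  # keywords, scheme-sources, pinned hosts
        out.append(" ".join([name] + fixed))
    return "; ".join(out)

# Constructed sample policy (not taken from a real application).
SAMPLE = "default-src 'self'; script-src https://example.com:* 'nonce-abc'; img-src *"
```

A bare `*` source and scheme-only sources such as `https:` are left untouched, because the wildcard there is not in the port portion.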