You could try for = "/*.html". This should make any headers defined for that only affect files with that extension and I think it should work for implicit files too (paths that end with a slash that has an index.html file). Could you give that a try?
It does work. If you go to: https://5e00e2e86a200d0007b165cf--simonhearne.netlify.com/index.html, where the path includes the file name and extension, you’ll see the headers you defined. Note that header rules are cumulative so if you set the same header with different values than the ones our system sets, your values should override the default.
With regards to specific paths/ filetypes, what you see is what you get. The redirect rule I showed you is meant to make a rule apply only to the specific filetype. That said, I’m not sure what you mean for="*" but for that rule to only apply to certain paths/ filetypes. The for property is what you use to define what the rule applies to.
Perhaps I’m not understanding what your need is. If you can provide more specific details, like what you end goal is, I’ll try to provide better advice.
Ideally, I’d like the following URLs to have the CSP headers:
And the following URLs to not have the CSP headers:
IMHO, the cleanest way to do this would not be go via overrides, but to have an additional way to apply headers only to specific media types. It could be “additive”, allowing to apply headers only for a specific path and for a specific media type:
Like @pablot I’m also after a way to target html pages so I can apply CSP and feature policy headers only to them. There’s no need for other files to have these headers (and probably many others) and they can be rather bulky. A media type matcher would be perfect for this.