
frame-ancestors signature specified in the docs is misleading & seems incorrect

Open Uzwername opened this issue 3 years ago • 1 comments

MDN URL

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

What specific section or headline is this issue about?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors#syntax

What information was incorrect, unhelpful, or incomplete?

Currently, the syntax section states the following:

Content-Security-Policy: frame-ancestors <source>;
Content-Security-Policy: frame-ancestors <source> <source>;

which makes me think that I can have a maximum of 2 ancestor-sources allowed for a given document, which isn't true.

What did you expect to see?

Either something like

Content-Security-Policy: frame-ancestors <space separated list of ancestor sources>;

like on the Accept-CH page or something like

Content-Security-Policy: frame-ancestors <source>;

// Multiple ancestor sources separated by a space can be specified:
Content-Security-Policy: frame-ancestors 'self' https://www.example.org https://www.example.com https://store.example.com;

like on the Accept-Language page

Do you have any supporting links, references, or citations?

The spec clearly defines a possibly infinite number of ancestor sources:

directive-name  = "frame-ancestors"
directive-value = ancestor-source-list

ancestor-source-list = ( ancestor-source *( required-ascii-whitespace ancestor-source) ) / "'none'"
ancestor-source      = scheme-source / host-source / "'self'"

Do you have anything more you want to share?

I'd be glad to open a PR to fix it

Uzwername avatar Nov 07 '22 19:11 Uzwername
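An added example, not part of the original issue and not MDN or spec code: a small checker for a `frame-ancestors` value against the ABNF quoted above, showing that any number of ancestor sources is accepted and that `'none'` is only valid on its own. The function names are hypothetical, and the scheme-source and host-source patterns are simplified assumptions rather than the complete CSP grammar.

```javascript
// Added example, not MDN or spec code. The scheme-source and host-source
// patterns are simplified assumptions, not the complete CSP grammar.
const SCHEME_SOURCE = /^[a-z][a-z0-9+.-]*:$/i;
const HOST_SOURCE = new RegExp(
  "^(?:[a-z][a-z0-9+.-]*://)?" +                      // optional scheme-part "://"
  "(?:\\*|(?:\\*\\.)?[a-z0-9-]+(?:\\.[a-z0-9-]+)*)" + // "*" or [*.]host
  "(?::(?:\\d+|\\*))?" +                              // optional port or ":*"
  "(?:/[^\\s;,]*)?$", "i");                           // optional path (loose)

function classifyAncestorSource(token) {
  if (token.toLowerCase() === "'self'") return "self";
  if (SCHEME_SOURCE.test(token)) return "scheme-source";
  if (HOST_SOURCE.test(token)) return "host-source";
  return null; // e.g. 'none' mixed with other sources, 'unsafe-inline', nonces
}

// headerValue: the Content-Security-Policy header value (without the name).
function parseFrameAncestors(headerValue) {
  for (const directive of headerValue.split(";")) {
    const tokens = directive.trim().split(/[ \t\n\f\r]+/).filter(Boolean);
    if (!tokens.length || tokens[0].toLowerCase() !== "frame-ancestors") continue;
    const list = tokens.slice(1);
    if (list.length === 1 && list[0].toLowerCase() === "'none'") {
      return { ok: true, sources: [{ token: list[0], kind: "none" }], invalid: [] };
    }
    const sources = list.map((token) => ({ token, kind: classifyAncestorSource(token) }));
    const invalid = sources.filter((s) => s.kind === null).map((s) => s.token);
    // The grammar requires at least one ancestor-source; the list has no upper bound.
    return { ok: list.length > 0 && invalid.length === 0, sources, invalid };
  }
  return { ok: false, sources: [], invalid: [], error: "no frame-ancestors directive" };
}

// Constructed sample: the four-source header from the issue text.
const sample = "frame-ancestors 'self' https://www.example.org " +
  "https://www.example.com https://store.example.com;";
console.log(parseFrameAncestors(sample));
```
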

@Uzwername Thanks for catching this and reporting it. The existing syntax description does seem to be misleading.

I'd be glad to open a PR to fix it

Super — I’ve gone ahead and assigned this to you

sideshowbarker avatar Nov 08 '22 03:11 sideshowbarker