5 changes: 4 additions & 1 deletion index.bs
@@ -338,13 +338,16 @@ spec: HEADER-STRUCTURE; urlPrefix: https://httpwg.org/http-extensions/draft-ietf
<dfn>serialized-policy-directive</dfn> = <a>feature-identifier</a> RWS <a>allow-list</a>
<dfn>feature-identifier</dfn> = 1*( ALPHA / DIGIT / "-")
<dfn>allow-list</dfn> = <a>allow-list-value</a> *(RWS <a>allow-list-value</a>)
<dfn>allow-list-value</dfn> = <a>serialized-origin</a> / "*" / "'self'" / "'src'" / "'none'"
<dfn>allow-list-value</dfn> = <a>serialized-origin</a> / <a>serialized-origin-with-wildcard-subdomain</a> / "*" / "'self'" / "'src'" / "'none'"
</pre>
<p><dfn><code>serialized-origin</code></dfn> is the
<a>serialization of an origin</a>. However, the code points U+0027 ('),
U+0021 (*), U+002C (,) and U+003B (;) MUST NOT appear in the serialization.
If they are required, they must be percent-encoded as "`%27`", "`%2A`",
"`%2C`" or "`%3B`", respectively.</p>
<p><dfn><code>serialized-origin-with-wildcard-subdomai</code></dfn> is a
<a>serialized-origin</a> with (1) a <a>registrable domain</a> for the <a>host</a>
and (2) a "*." inserted before the <a>host</a> in the serialization.</p>
<div class="note">
The string "<code>'self'</code>" may be used as an origin in an allowlist.
When it is used in this way, it will refer to the origin of the document
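Review bot: The added dfn is spelled `serialized-origin-with-wildcard-subdomai` (missing the final "n"), so the `<a>serialized-origin-with-wildcard-subdomain</a>` reference added to the allow-list-value production has no matching definition to link to; rename the dfn to match. Two further points on the new paragraph. First, the wildcard form carries a literal "*", while the preceding paragraph says that character MUST NOT appear in a serialized-origin, so state explicitly that the restriction applies to the underlying origin and that the "*." prefix is the only permitted occurrence. Second, "a registrable domain for the host" can be read either as "the host is exactly a registrable domain" or as "the host has one", and "inserted before the host in the serialization" does not say where the prefix sits relative to the scheme; an example of a valid value and a statement of whether a host below the registrable domain is allowed would remove the ambiguity, which matters here because this value decides which origins a feature is delegated to. Separately, the unchanged context line labels "*" as U+0021 while giving its percent-encoding as "%2A"; worth correcting while this text is being touched.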