Skip to content
This repository has been archived by the owner on Aug 3, 2020. It is now read-only.

add support for base-uri #67

Closed
selfagency opened this issue Oct 30, 2017 · 6 comments
Closed

add support for base-uri #67

selfagency opened this issue Oct 30, 2017 · 6 comments
Labels
in progress

Comments

@selfagency
Copy link

it's in csp2 and mozilla's observer is using it to judge the security of sites

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri
@EvanHahn
Copy link
Member

I believe base-uri is already supported, though not properly documented. Does something like this work for you?

app.use(csp({
  directives: {
    baseUri: ['https://example.com']
  }
}))

@wolfgang42
Copy link

I had the same confusion; baseUri works fine but I had to take a guess that it might work since it's not documented.

@EvanHahn
Copy link
Member

EvanHahn commented Dec 4, 2017
edited

Good point. I'll document this now.

@EvanHahn
Copy link
Member

EvanHahn commented Dec 4, 2017

Documented in e0265b0 and on the docs site.

@EvanHahn EvanHahn closed this as completed Dec 4, 2017
@wolfgang42
Copy link

Thanks, that's much better!

@EvanHahn
Copy link
Member

EvanHahn commented Dec 4, 2017

@wolfgang42 thanks for prodding me, and thanks to @selfagency for reporting the issue!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
in progress
Milestone
No milestone
Development

No branches or pull requests
3 participants
@EvanHahn @wolfgang42 @selfagency