New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple policy support for Content-Security-Policy #2736
Conversation
Codecov Report
@@ Coverage Diff @@
## dev #2736 +/- ##
==========================================
+ Coverage 99.91% 99.91% +<.01%
==========================================
Files 23 23
Lines 1211 1225 +14
==========================================
+ Hits 1210 1224 +14
Misses 1 1
Continue to review full report at Codecov.
|
feebd6a
to
f9b757b
Compare
f9b757b
to
a403205
Compare
3915f29
to
1fd52e8
Compare
@pi0 hello :) could you please review this? |
Wow! This is a great PR! Thank you @dojineko |
@Atinux thx! |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
this PR make it possible to set multiple policies on CSP. (default-src, object-src, etc...)
e.g.)
default-src 'none'; script-src 'self' 'sha-256:...' https://exmaple.test
see also: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
and, still remains csp.allowedSources ;)
refs: