Multiple policy support for Content-Security-Policy

[dojineko]

this PR make it possible to set multiple policies on CSP. (default-src, object-src, etc...)
e.g.) default-src 'none'; script-src 'self' 'sha-256:...' https://exmaple.test

see also: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

and, still remains csp.allowedSources ;)

refs:

• How can I configure to load external resources of Content-Security-Policy(CSP)? #2606
• External script support for CSP #2608

[codecov-io]

Codecov Report

Merging #2736 into dev will increase coverage by <.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##              dev    #2736      +/-   ##
==========================================
+ Coverage   99.91%   99.91%   +<.01%     
==========================================
  Files          23       23              
  Lines        1211     1225      +14     
==========================================
+ Hits         1210     1224      +14     
  Misses          1        1

Impacted Files	Coverage Δ
lib/common/options.js	100% <ø> (ø)	⬆️
lib/core/middleware/nuxt.js	100% <100%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1582df1...1fd52e8. Read the comment docs.

[dojineko]

@pi0 hello :) could you please review this?

[Atinux]

Wow! This is a great PR! Thank you @dojineko

[dojineko]

@Atinux thx!

[dojineko]

@qm3ster
oops, it's no longer necessary shallow-copy.
thx for ur feedback. it will be fix it on #2945

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.