Define rules for TT when multiple headers are present #178
Likely, if we decide to stick with CSP (#1), we'd want to apply each policy separately to align with other CSP directives. That means e.g. that the policy name list is the intersection of the lists in all headers.
```php
header('content-security-policy: trusted-types 1a 1b common');
header('content-security-policy: trusted-types 2a 2b common');
header('content-security-policy-report-only: trusted-types 3a 3b; report-uri /');
```
This header combination should only allow
Currently, in Chrome the last
CSP allows multiple configurations per document.
Might the simplest change be to
2 probably depends on issue #182.
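The per-policy evaluation proposed at the top of this issue, as an added sketch that is not code from the issue, from Chrome, or from the Trusted Types project. The function names and the `{ enforce, value }` header shape are hypothetical, and it assumes report-only policies only record violations and that a policy without a `trusted-types` directive restricts nothing.

```javascript
// Constructed sample: the three header values quoted in the issue.
const SAMPLE_HEADERS = [
  { enforce: true,  value: "trusted-types 1a 1b common" },
  { enforce: true,  value: "trusted-types 2a 2b common" },
  { enforce: false, value: "trusted-types 3a 3b; report-uri /" },
];

// Return the trusted-types name list of one policy, or null when the
// policy has no trusted-types directive. As elsewhere in CSP, only the
// first occurrence of a directive within one policy is used.
function trustedTypesNames(headerValue) {
  for (const directive of headerValue.split(";")) {
    const [name, ...values] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "trusted-types") {
      return new Set(values);
    }
  }
  return null;
}

// Apply each policy separately: a policy name may be created only if
// every enforced policy lists it (or lists the "*" wildcard), which is
// the intersection of the enforced lists. Report-only policies never
// block; they are only counted as violations to report.
function checkPolicyName(policyName, headers) {
  let allowed = true;
  let reportOnlyViolations = 0;
  for (const { enforce, value } of headers) {
    const names = trustedTypesNames(value);
    if (names === null || names.has("*") || names.has(policyName)) continue;
    if (enforce) allowed = false;
    else reportOnlyViolations += 1;
  }
  return { allowed, reportOnlyViolations };
}

// Filter a candidate list down to the names all enforced policies accept.
function allowedAmong(candidates, headers) {
  return candidates.filter((n) => checkPolicyName(n, headers).allowed);
}

console.log(allowedAmong(["1a", "1b", "2a", "2b", "3a", "3b", "common"], SAMPLE_HEADERS));
console.log(checkPolicyName("common", SAMPLE_HEADERS));
```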