ehmicky

Results 187 issues of ehmicky

**Is your feature request related to a problem? Please describe.** With `@middy/http-security-headers`, the CSP HTTP header is always named `Content-Security-Policy`. It would be nice to be able to use [`Content-Security-Policy-Report-Only`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only)...

feature request

By default, the `Vary: Origin` response header is set, which is good. However, it is not set if the `Origin` request header is missing (i.e. on non-CORS requests). https://github.com/expressjs/cors/blob/53312a5bee605e2486fa734756abb3c0bc2f891d/lib/index.js#L220-L222 That's...

bug
help wanted
3.x

The `Vary` HTTP response header is useful to ensure proper caching of CORS responses and prevent cache poisoning. However, it comes with a downside: (potentially significantly) increasing the cache size,...

bug
help wanted
3.x

The standard forbids using `*` in the `Access-Control-Allow-Origin`, `Access-Control-Expose-Headers`, `Access-Control-Allow-Methods`, or `Access-Control-Allow-Headers` response header, if the `Access-Control-Allow-Credentials` request header is set to `true`. https://fetch.spec.whatwg.org/#cors-protocol-and-credentials https://fetch.spec.whatwg.org/#http-new-header-syntax Right now, this module allows...

bug
help wanted
3.x

This is a bug with Node.js, described in https://github.com/nodejs/node/issues/57669. Let's see how the discussion on the Node.js repository goes before deciding on any workaround.

This is a bug with Node.js, described in https://github.com/nodejs/node/issues/42923#issuecomment-2762174940 Let's see how the discussion on the Node.js repository goes before deciding on any workaround.

If `--engine-strict` is used, `npm install` fails with:

```
npm error code EBADENGINE
npm error engine Unsupported engine
npm error engine Not compatible with your version of node/npm: [email protected]
npm...
```