csp
Monorepo for CSP-related packages
Hi! Can you specify the license for the code in the repo and the npm packages?
The "'none'" value is used to indicate that no resources are allowed. If the "'none'" value is used in combination with other resources, it should be ignored as defined by...
If we create a preset from policies, a directive might get both the `'none'` and other source values. ```javascript console.log( getCSP({ presets: { default: { 'connect-src': [NONE], }, api: {...
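The issue above describes what happens when presets are merged: a directive such as `connect-src` can end up carrying both `'none'` and real source expressions. The following is an added example, not code from the csp repository and not its `getCSP` API; the names `mergePolicies`, `normalizeSources` and `buildCsp`, and the two sample presets, are constructed for illustration. It merges any number of policy objects into one header value and applies the CSP3 rule that `'none'` only has meaning when it is the sole source expression of a directive, so it is dropped whenever other sources are present and kept only when it stands alone.

```javascript
// Added example (not csp-header's own code): merge several CSP policy
// objects into one header value, applying the CSP3 rule that 'none'
// only has meaning when it is the sole source expression of a directive.
const NONE = "'none'";

// Merge an arbitrary number of policy objects ({ directive: [sources] }).
// Later policies add sources to earlier ones; nothing is removed here.
function mergePolicies(...policies) {
  const merged = {};
  for (const policy of policies) {
    for (const [directive, sources] of Object.entries(policy)) {
      const list = Array.isArray(sources) ? sources : [sources];
      merged[directive] = merged[directive] || new Set();
      for (const src of list) merged[directive].add(src);
    }
  }
  return merged;
}

// Normalize one directive's source set: if it carries 'none' alongside
// other expressions, 'none' contributes nothing (CSP3 treats it as a
// match-nothing expression once other expressions are present), so drop it.
// A directive whose only source is 'none' keeps it.
function normalizeSources(sourceSet) {
  const sources = [...sourceSet];
  if (sources.length > 1 && sources.includes(NONE)) {
    return sources.filter((s) => s !== NONE);
  }
  return sources;
}

// Serialize the merged directives to a Content-Security-Policy header value.
// Valueless directives (e.g. upgrade-insecure-requests) are emitted bare.
function buildCsp(...policies) {
  const merged = mergePolicies(...policies);
  return Object.entries(merged)
    .map(([directive, set]) => {
      const sources = normalizeSources(set);
      return sources.length ? `${directive} ${sources.join(' ')}` : directive;
    })
    .join('; ');
}

// Constructed sample presets reproducing the clash described in the issue:
// the default preset locks connect-src down, the api preset opens one origin.
const defaultPreset = { 'connect-src': [NONE], 'default-src': ["'self'"] };
const apiPreset = { 'connect-src': ['https://api.example.com'] };

console.log(buildCsp(defaultPreset, apiPreset));
// → connect-src https://api.example.com; default-src 'self'
```

Without the `normalizeSources` step the merged header would read `connect-src 'none' https://api.example.com`, which browsers accept but which is misleading to read and, in stricter validators, flagged as invalid; dropping the redundant keyword at build time keeps the emitted policy unambiguous.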
The const ALLOW_SCRIPTS seems to have the wrong value `allow-allow-scripts` when it should probably be `allow-scripts`: Problematic(?) code: https://github.com/frux/csp/blob/0f1ac23982c1af018645f4567291fac1edf76445/packages/csp-header/src/constants/values.ts#L17 Right value: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/sandbox#allow-scripts
I'm using the `csp-header` package in a browser environment to dynamically build Content Security Policies, which are then included in child iframes via `meta` tags. Currently, the package only provides...