csp icon indicating copy to clipboard operation
csp copied to clipboard
verified publisher icon frux

Wrong allow-scripts header

Open akn-trackunit opened this issue 6 months ago • 0 comments

The const ALLOW_SCRIPTS seem to have the wrong value allow-allow-scripts when it should probably be allow-scripts:

Problematic(?) code: https://github.com/frux/csp/blob/0f1ac23982c1af018645f4567291fac1edf76445/packages/csp-header/src/constants/values.ts#L17

Right value: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/sandbox#allow-scripts

akn-trackunit avatar Jul 14 '25 18:07 akn-trackunit