Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSP: document functions as directive values #404

Open
EvanHahn opened this issue Mar 10, 2023 · 0 comments
Open

CSP: document functions as directive values #404

EvanHahn opened this issue Mar 10, 2023 · 0 comments
Assignees
@EvanHahn

Comments

@EvanHahn
Copy link
Member

You can use functions as directive values in the contentSecurityPolicy middleware. See tests.

This is poorly-documented and we should add a note about it.
@EvanHahn EvanHahn mentioned this issue Mar 10, 2023
Closed
@EvanHahn EvanHahn self-assigned this Mar 26, 2023
webketje added a commit to webketje/helmet that referenced this issue Apr 24, 2024
@webketje
Resolves helmetjs#404, updates content-security-policy README
6eac4e3 
- replaces HTML5Rocks URL with web.dev (redirect), add links to relevant MDN docs
- adds doc sections/ anchors for defaults, computed directives, disabling directives, and report only header
- clarifies that defaultSrc will default to 'self' (and is thus not required to the user) when useDefaults: true
- solves helmetjs#404, documents function signature and adds conditional CDN script-src loading example
- adds a common recipe to generate subresource-integrity hashes
- documents caveat of non-hostname values mentioned in helmetjs#454
@webketje webketje mentioned this issue Apr 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@EvanHahn EvanHahn

Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@EvanHahn