Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow nonceEnabled to take a single boolean value #98

Open
2 of 9 tasks
StephanBijzitter opened this issue Jul 31, 2021 · 2 comments · May be fixed by #101
Open
2 of 9 tasks

Allow nonceEnabled to take a single boolean value #98

StephanBijzitter opened this issue Jul 31, 2021 · 2 comments · May be fixed by #101

Comments

@StephanBijzitter
Copy link

StephanBijzitter commented Jul 31, 2021
edited

Description

Describe your issue here.

What type of issue is this? (place an x in one of the [ ])

  • bug
  • enhancement (feature request)
  • question
  • documentation related
  • testing related
  • discussion

Requirements (place an x in each of the [ ])

  • I've read and understood the Contributing guidelines and have done my best effort to follow them.
  • I've read and agree to the Code of Conduct.
  • I've searched for any related issues and avoided creating a duplicate issue.

Feature Request:

Being able to enable/disable nonces for each directive is really nice, but in my specific case I want to disable all usage of nonces and the list of directives is steadily growing. If csp-html-webpack-plugin updates and adds support for a new directive, I have to remember to disable that one too, and truth be told: I'll likely forget to do that.

If the option could take a value of true to enable all (supported) directives and false to disable all, that'd be pretty nice :-)

As an example:

before:

            nonceEnabled: {
                'base-uri': false,
                'child-src': false,
                'connect-src': false,
                'default-src': false,
                'font-src': false,
                'form-action': false,
                'frame-ancestors': false,
                'frame-src': false,
                'img-src': false,
                'manifest-src': false,
                'media-src': false,
                'object-src': false,
                'script-src': false,
                'style-src': false,
                'trusted-types': false,
                'worker-src': false
            }

after:

            nonceEnabled: false
@AnujRNair
Copy link
Contributor

That sounds good to me - would you be interested in adding this feature and test to the plugin?
Thanks

@StephanBijzitter
Copy link
Author

Sure!

StephanBijzitter added a commit to StephanBijzitter/csp-html-webpack-plugin that referenced this issue Sep 15, 2021
@StephanBijzitter
Allow nonceEnabled and hashEnabled to take single boolean values
871d133 
Providing a single boolean value to either of these options will now apply
the value to each provided policy directive.

Closes slackhq#98
@StephanBijzitter StephanBijzitter linked a pull request Sep 15, 2021 that will close this issue
Open
4 tasks
StephanBijzitter added a commit to StephanBijzitter/csp-html-webpack-plugin that referenced this issue Sep 15, 2021
@StephanBijzitter
Allow nonceEnabled and hashEnabled to take single boolean values
1be6906 
Providing a single boolean value to either of these options will now apply
the value to each provided policy directive.

Closes slackhq#98
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@AnujRNair @StephanBijzitter