You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This issue to to discuss whether we can do the "toggle like" configuration a bit better. Policies should stay as-is IMO (like CSP), but for configuring behaviour like in auto – we might be able to do better.
Should we create some kind of standardised config object or methodology that we could use to at least sub-category some of the stuff going on in auto (and probably being added to strict mode RE 'strict-dynamic' injection, see #56).
Some stuff is really easy and hard to guess a way of using it wrong (see: https://github.com/aidantwoods/SecureHeaders/wiki/csp).
Other configuration might be a little harder to remember off hand (see: https://github.com/aidantwoods/SecureHeaders/wiki/auto).
This issue to to discuss whether we can do the "toggle like" configuration a bit better. Policies should stay as-is IMO (like CSP), but for configuring behaviour like in auto – we might be able to do better.
Should we create some kind of standardised config object or methodology that we could use to at least sub-category some of the stuff going on in auto (and probably being added to strict mode RE
'strict-dynamic'injection, see #56).Or should we create a new function to configure (like https://github.com/aidantwoods/SecureHeaders/wiki/sameSiteCookies for SameSite's variable default override).
The text was updated successfully, but these errors were encountered: