Add Content-Security-Policy Default directives as found in Helmet #53
Labels
Comments
|
It's important to point out here that there are defaults available on |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
馃尡 Feature Request
Is your feature request related to a problem? Please describe.
As a solution similar to
helmet, it would be beneficial for consumers to have similar defaults, so as to align with other packages features. This would provide consumers with a simple interface to match other packages leveraging helmet defaults. Otherwise, consumers need to specify these in their repositories.You can find the defaults in helmet here
Describe the solution you'd like
Somewhere in the CSP rule, you could allow users to specify they want a set of default directives here: https://github.com/jagaapple/next-secure-headers/blob/master/src/rules/content-security-policy.ts#L226-L238
The behavior of the helmet repository is that if you tell it to include CSP without specifying any directives, it will default to the set defined in the module here
next-secure-headerscan implement something similar by here:https://github.com/jagaapple/next-secure-headers/blob/master/src/rules/content-security-policy.ts#L213-L223
When no directives are passed through, it can default to the same set of directives.
Describe alternatives you've considered
Consumers need to maintain a basic set of default directives for helmet independently when this should rest with the package.
Documentation, Adoption, Migration Strategy
If you can, explain how users will be able to use this and how it might be documented. Maybe a mock-up?
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: