- 🇯🇵Japan ptmkenny
The patch in #2 needs a re-roll as of csp version 1.21.
- last update
9 months ago 127 pass, 1 fail - last update
9 months ago Composer require failure - last update
9 months ago 127 pass, 1 fail - last update
9 months ago 127 pass, 1 fail - last update
9 months ago Composer require failure - last update
9 months ago 127 pass, 1 fail - 🇨🇦Canada gapple
I'm working through a more comprehensive plan for how sources are included from libraries in 🌱 Improve handling of sources from libraries Active .
I'm inclined towards keeping allowing by domain as default, with the ability to allow by path as a configurable option.
- It's a little unclear, but from what I understand CSP path matching only works on directories and the file name should be excluded: https://www.w3.org/TR/CSP3/#path-part-match
- CSP allows upcasting on
http:
urls, so stripping the protocol is not necessary: https://www.w3.org/TR/CSP3/#scheme-part-match