Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow CSP to fallback to default-src #1490

Merged
merged 3 commits into from Mar 13, 2020
Merged

Allow CSP to fallback to default-src #1490

merged 3 commits into from Mar 13, 2020

Commits on Nov 4, 2018

  1. Allow content source to fallback to default-src 

    Remove defaults for script-src, style-src, connect-src, and img-src
so that they can fallback to default-src. The default for default-src
has been changed from 'none' to 'self'. This seems to be a safe default
especially as browsers implement prefetch-src. If stricter policies are
needed they can be specified when loading this middleware.
    @jkowens
    jkowens committed Nov 4, 2018
    Copy the full SHA
    4758d5f View commit details
    Browse the repository at this point in the history

  2. Add support for webrtc-src, navigate-to, and prefetch-src directives

    @jkowens
    jkowens committed Nov 4, 2018
    Copy the full SHA
    c4485fb View commit details
    Browse the repository at this point in the history

Commits on Mar 13, 2020

  1. Merge branch 'master' into master

    @jkowens
    jkowens committed Mar 13, 2020
    Copy the full SHA
    7c055f2 View commit details
    Browse the repository at this point in the history