helmet icon indicating copy to clipboard operation
helmet copied to clipboard

Published 20 hours ago verified publisher icon helmetjs

helmet default directives doesnt match helmet-csp default directives

Open NihilumPlays opened this issue 9 months ago • 2 comments

while going from helmet to helmet csp i noticed that form-action 'self' is not part of helmet-csp default directives.

is there a reason for this? is it safe to omit form-acion?

i see you maintain both libraries so im just wondering about the difference

NihilumPlays avatar Apr 27 '24 02:04 NihilumPlays

Good point. helmet-csp is out of date. I'll update it.

EvanHahn avatar Apr 27 '24 22:04 EvanHahn

For anyone running into this as well you can add a form-action: 'self' manually as a temporay fix if you're using helmet-csp

NihilumPlays avatar Apr 28 '24 06:04 NihilumPlays

Published [email protected] to fix this. Thanks for reporting!

EvanHahn avatar Jun 01 '24 17:06 EvanHahn