SecureHeaders icon indicating copy to clipboard operation
SecureHeaders copied to clipboard

Published 20 hours ago verified publisher icon aidantwoods

More intuitive config

Open aidantwoods opened this issue 8 years ago • 0 comments

Some stuff is really easy and hard to guess a way of using it wrong (see: https://github.com/aidantwoods/SecureHeaders/wiki/csp).

Other configuration might be a little harder to remember off hand (see: https://github.com/aidantwoods/SecureHeaders/wiki/auto).

This issue to to discuss whether we can do the "toggle like" configuration a bit better. Policies should stay as-is IMO (like CSP), but for configuring behaviour like in auto – we might be able to do better.

Should we create some kind of standardised config object or methodology that we could use to at least sub-category some of the stuff going on in auto (and probably being added to strict mode RE 'strict-dynamic' injection, see #56).

Or should we create a new function to configure (like https://github.com/aidantwoods/SecureHeaders/wiki/sameSiteCookies for SameSite's variable default override).

aidantwoods avatar Jul 26 '17 21:07 aidantwoods