Add a Content Security Policy builder

Open bramp opened this issue 5 years ago • 2 comments

Content Security Policies can be long and complex strings. Is it worth creating a simple function/struct/builder to make constructing these easier, and in a less error-prone way? Something like:

secure.Options{
  ContentSecurityPolicy: secure.ContentSecurityPolicy{
    DefaultSrc: []string{"self"},
    ScriptSrc:  []string{"self", "www.google-analytics.com"},
  },
}

bramp avatar Jul 20 '20 00:07 bramp

I think that would be a good idea. For backwards compatibility, I wonder if we can do something like:

cspOptions := secure.ContentSecurityPolicyOptions{
  DefaultSrc: []string{"self"},
  ScriptSrc:  []string{"self", "www.google-analytics.com"},
}
secure.Options{
  ContentSecurityPolicy: cspOptions.Compile(), // or .String()?
}

unrolled avatar Jul 21 '20 15:07 unrolled

Yes, .String() sounds better for backwards compatibility. And then other people could possibly reuse that aspect of the library if they wish.

While I don't have a lot of free time, I'd be happy to contribute this.

bramp avatar Jul 21 '20 16:07 bramp
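
A sketch of the builder discussed above, as an added example that is not part of the original thread and not the unrolled/secure API. The struct and field names follow the comments; quoting bare keywords such as self, rejecting sources that contain `;`, `,` or whitespace, and returning an error from Compile are assumptions made here.

```go
package main

import (
	"fmt"
	"strings"
)

// ContentSecurityPolicyOptions follows the struct sketched in the thread;
// only two directives are modelled and the behaviour is an assumption.
type ContentSecurityPolicyOptions struct {
	DefaultSrc []string
	ScriptSrc  []string
}

// Keyword sources that CSP requires to be single-quoted.
var keywords = map[string]bool{"self": true, "none": true,
	"unsafe-inline": true, "unsafe-eval": true, "strict-dynamic": true}

// Compile renders the policy in a fixed directive order. It quotes bare
// keywords and rejects values that could start a new directive or policy.
func (o ContentSecurityPolicyOptions) Compile() (string, error) {
	directives := []struct {
		name string
		srcs []string
	}{{"default-src", o.DefaultSrc}, {"script-src", o.ScriptSrc}}
	var parts []string
	for _, d := range directives {
		if len(d.srcs) == 0 {
			continue // an unset directive is omitted, not emitted empty
		}
		fields := []string{d.name}
		for _, s := range d.srcs {
			if s == "" || strings.ContainsAny(s, ";, \t\r\n") {
				return "", fmt.Errorf("%s: invalid source %q", d.name, s)
			}
			if keywords[s] {
				s = "'" + s + "'"
			}
			fields = append(fields, s)
		}
		parts = append(parts, strings.Join(fields, " "))
	}
	return strings.Join(parts, "; "), nil
}

func main() {
	o := ContentSecurityPolicyOptions{DefaultSrc: []string{"self"},
		ScriptSrc: []string{"self", "www.google-analytics.com"}}
	fmt.Println(o.Compile())
}
```

Sources that are already quoted, such as a nonce or hash expression, pass through unchanged, so callers supply those in their final form.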

I guess this is still available? If so, I would like to help 🙂

robot-5 avatar Aug 16 '22 15:08 robot-5

> I guess this is still available? If so, I would like to help 🙂

No one is currently working on this, so any help would be greatly appreciated!

unrolled avatar Aug 17 '22 19:08 unrolled

Resolved by https://github.com/unrolled/secure/pull/86

unrolled avatar Sep 06 '22 03:09 unrolled