zio-http icon indicating copy to clipboard operation
zio-http copied to clipboard
verified publisher icon zio

support for multiple Content-Security-Policy directives via typed headers

Open dontgitit opened this issue 3 months ago • 0 comments

Is your feature request related to a problem? Please describe. The current implementation of the ContentSecurityPolicy header only supports a single directive. This header typically includes multiple directives.

Describe the solution you'd like I'd like for the CSP header to support multiple directives.

Describe alternatives you've considered There are currently two workarounds;

  1. Using Header.Custom and providing the full CSP as the value
  2. Providing multiple CSP headers, each containing a single directive; however, this is tricky and comes with gotchas

Additional context Mozilla CSP Quick Reference Guide

dontgitit avatar Oct 01 '25 06:10 dontgitit