feat(csp): require-trusted-types-for

Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware

https://nuxt-security.vercel.app/

MIT License

802 stars 56 forks source link

feat(csp): require-trusted-types-for #526

Open dargmuesli opened 1 day ago

dargmuesli commented 1 day ago

Is your feature request related to a problem? Please describe.

The module seemingly does not support the require-trusted-types-for content security policy.

Describe the solution you'd like

The policy should be added.

Describe alternatives you've considered

Not using this policy 🥲😉

Additional context

Since https://github.com/vuejs/core/pull/10844 and v3.5 Vue supports trusted types.

Baroshem commented 1 day ago

Hey Jonas!

Thanks for rising this issue. I checked the availability of this particular option and it seems that it is not supported by either Mozilla or Safari and I wonder if we should support as we do it with Permissions Policy or focus on the ones that are more known 🤔

Thougths @vejja?

dargmuesli commented 22 hours ago

caniuse shows almost 75% global support. It's not urgent for me though! Just wanted to mention this feature request as it would come up eventually this way or another I'm sure 😁

vejja commented 21 hours ago

We can support it, no problem I think

Baroshem commented 10 minutes ago

@dargmuesli would you be interested in developing this functionality? :)