naepalm
commented
6 years ago @dawoe This is great feedback and I can definitely update it to allow a report-only option that can be applied to the XML. Thanks! I'll put it on my list to update it :)
Open dawoe opened 6 years ago
naepalm
commented
6 years ago @dawoe This is great feedback and I can definitely update it to allow a report-only option that can be applied to the XML. Thanks! I'll put it on my list to update it :)
Sometimes it comes in handy to set your CSP (eg during dev) to report only by using the header :
Content-Security-Policy-Report-OnlyThis won't block the resources, but will report in the console if you have potential issues. This comes in handy when you are adding it to a existing site.