Open jtbandes opened 2 weeks ago
Nice catch, ill put up a PR for this when i'm back from holiday (1 week or so)
Thanks for trying it out!
No worries! FWIW, I ended up not using this library and writing my own small plugin inline, since I wanted more direct control of the final CSP: https://github.com/jtbandes/mbox.wtf/blob/923bf704e3405b17373abbe994f93b0b71187a29/vite.config.ts#L19 But really appreciate the example since I don't think I would have figured out how to do it without your library as a reference 😄
It looks like the intent is to allow overriding the DEFAULT_POLICY, however this code will always merge in
defaultValues
(assuming the user conforms to the typescript types, which require thatuserValues
isstring[] | undefined
): https://github.com/RockiRider/csp/blob/aa1ea7abb82e28afafbe0f7bfb1138a4031d0c82/packages/vite-plugin-csp-guard/src/utils.ts#L51-L59i.e.
Array.isArray(userValues)
is always true. This means it's currently impossible to completely override the default values.