This issue is to discuss whether we can do the "toggle like" configuration a bit better. Policies should stay as-is IMO (like CSP), but for configuring behaviour like in auto – we might be able to do better.
Should we create some kind of standardised config object or methodology that we could use to at least sub-categorise some of the stuff going on in auto (and probably being added to strict mode RE 'strict-dynamic' injection, see #56)?
Some stuff is really easy and hard to guess a way of using it wrong (see: https://github.com/aidantwoods/SecureHeaders/wiki/csp).
Other configuration might be a little harder to remember off hand (see: https://github.com/aidantwoods/SecureHeaders/wiki/auto).
Or should we create a new function to configure (like https://github.com/aidantwoods/SecureHeaders/wiki/sameSiteCookies for SameSite's variable default override)?