Closed ankitagrawal0x90 closed 3 years ago
Hi @ankitagrawal0x90, I think there's some support for CSP3 goodies. Have you noted which contributions would be necessary? I'm happy to review/release more support.
@oreoshake Thank you for your response, appreciate it. I will look through the code to find CSP 3 directives currently supported by the gem and share more.
I read through the code https://github.com/github/secure_headers/blob/main/lib/secure_headers/headers/content_security_policy_config.rb and https://github.com/github/secure_headers/blob/main/lib/secure_headers/headers/policy_management.rb and the library has everything I need.
I was partly misled by the documentation here https://www.rubydoc.info/gems/secure_headers/6.3.2 which mentions
Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and other classes of attack. CSP 2 Specification
Thanks for all the great work. Closing this issue.
Feature Requests
Is there any current or future work planned around expanding CSP directives to include CSP level 3? I read the contributing guidelines and would be happy to contribute.
In general, looking at the changes that come with CSP level 3 (ref: https://www.w3.org/TR/CSP3/#changes-from-level-2) and browser version support mentioned here https://content-security-policy.com/, it will be great to be able to use this library for new features and directives.