Recently, we've had a spate of fixes for parsing directives and source-expressions, stemming from the fact that the code doesn't understand the format of valid expressions, and makes local assumptions about what they look like — in particular, assuming a resemblance to URLs during deduplication.
https://github.com/github/secure_headers/pull/490 https://github.com/github/secure_headers/pull/478
This PR is an attempt to "bite the bullet" and parse source expressions so we can semantically deduplicate matching URLs.
All PRs:
Adding a new header
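The kind of parsing the description above argues for, as an added Ruby example that is not part of the PR or of secure_headers' code: it classifies each source expression before comparing, so keywords, nonces, scheme-sources and host-sources are each deduplicated by their own rules. `SourceExpr`, `parse_source`, `host_covers?` and `dedupe_sources` are hypothetical names, and the covering rule is deliberately conservative (same scheme and port, path absent or identical).

```ruby
# Added illustration, not secure_headers code; all names here are hypothetical.
SourceExpr = Struct.new(:kind, :raw, :scheme, :host, :port, :path)
HOST_RE = %r{\A(?:([a-z][a-z0-9+.-]*)://)?(\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\d+|\*))?(/.*)?\z}i

def parse_source(token)
  case token
  when /\A'(?:nonce|sha256|sha384|sha512)-[A-Za-z0-9+\/_-]+={0,2}'\z/
    SourceExpr.new(:nonce_or_hash, token)      # value is case-sensitive: keep verbatim
  when /\A'[a-z-]+'\z/i
    SourceExpr.new(:keyword, token.downcase)   # keywords compare case-insensitively
  when /\A([a-z][a-z0-9+.-]*):\z/i
    SourceExpr.new(:scheme, token.downcase)    # e.g. https: or data:, not a URL
  when HOST_RE
    SourceExpr.new(:host, token, $1&.downcase, $2.downcase, $3, $4)
  else
    SourceExpr.new(:unknown, token)            # never guess: keep as written
  end
end

# True when host-source a matches every URL that host-source b matches.
# Conservative: scheme and port must be identical, path absent or identical.
def host_covers?(a, b)
  return false unless a.scheme == b.scheme && a.port == b.port
  return false unless a.path.nil? || a.path == b.path
  return true if a.host == b.host
  a.host.start_with?("*.") && b.host.end_with?(a.host[1..])
end

def dedupe_sources(tokens)
  parsed = tokens.map { |t| parse_source(t) }
  kept = parsed.each_with_index.reject do |expr, i|
    if expr.kind == :host
      parsed.each_with_index.any? do |other, j|
        i != j && other.kind == :host && host_covers?(other, expr) &&
          (j < i || !host_covers?(expr, other))  # equivalent pair: first one wins
      end
    else
      parsed.first(i).any? { |p| p.kind == expr.kind && p.raw == expr.raw }
    end
  end
  kept.map { |expr, _| expr.raw }
end

# Constructed sample list.
SAMPLE = %w['self' 'SELF' https: *.example.com cdn.example.com example.com
            https://cdn.example.com 'nonce-AbC123' 'nonce-abc123' EXAMPLE.com]
puts dedupe_sources(SAMPLE).join(" ") if $PROGRAM_NAME == __FILE__
```

Note that `example.com` survives next to `*.example.com`, because the wildcard form matches subdomains only, and the two nonces stay distinct because their values are case-sensitive.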