google / csp-evaluator

https://csp-evaluator.withgoogle.com
Apache License 2.0

Trusted Types should allow the 'none' keyword #33

Closed craigfrancis closed 3 years ago

craigfrancis commented 3 years ago

Trusted Types uses the keyword 'none' to show that no policies are allowed:

https://w3c.github.io/webappsec-trusted-types/dist/spec/#trusted-types-csp-directive

This is used to enforce Trusted Types restrictions (disabling unsafe APIs), without needing a policy to bypass these restrictions.

https://github.com/google/csp-evaluator/blob/e3638195ac812d61dc8ea11b5805e04e4230e2f6/checks/parser_checks.ts#L138

if (value === '\'allow-duplicates\'' || value === '\'none\'') {

I believe this would fix the issue where Lighthouse shows the error message "'none' seems to be an invalid keyword."
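As an added illustration of the check this issue is about (example code written for this thread, not csp-evaluator's own source), the following TypeScript parses a CSP string and validates the values of the `trusted-types` directive. It accepts the quoted keywords `'allow-duplicates'` and `'none'`, the `*` wildcard, and policy names; any other quoted token is reported with the same wording the thread quotes. The `parseCsp`, `checkTrustedTypesValues` and `Finding` names are my own, and the policy-name alphabet is my reading of the spec's `tt-policy-name` grammar.

```typescript
// Example check for the `trusted-types` CSP directive, written for this thread.
// It is not csp-evaluator's own code; it shows a keyword check that accepts
// 'none' alongside 'allow-duplicates', as the fix in this issue proposes.

type Finding = { directive: string; value: string; message: string };

// Quoted keywords the spec allows as values of `trusted-types`.
// Assumption: these are the only two quoted keywords for this directive.
const TT_KEYWORDS = new Set(["'allow-duplicates'", "'none'"]);

// Policy-name alphabet, following the spec's tt-policy-name grammar as I read it:
// ALPHA / DIGIT / "-" / "#" / "=" / "_" / "/" / "@" / "." / "%".
const TT_POLICY_NAME = /^[A-Za-z0-9\-#=_\/@.%]+$/;

// Parse a serialized CSP into a map of lower-cased directive name -> value tokens.
function parseCsp(policy: string): Map<string, string[]> {
  const directives = new Map<string, string[]>();
  for (const raw of policy.split(";")) {
    const tokens = raw.trim().split(/\s+/).filter((t) => t.length > 0);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    directives.set(name.toLowerCase(), values);
  }
  return directives;
}

// Report `trusted-types` values that are neither a known keyword, the wildcard,
// nor a syntactically valid policy name. An empty result means the directive
// value is well-formed (or the directive is absent).
function checkTrustedTypesValues(policy: string): Finding[] {
  const findings: Finding[] = [];
  const values = parseCsp(policy).get("trusted-types");
  if (values === undefined) return findings;
  for (const value of values) {
    if (value === "*" || TT_KEYWORDS.has(value)) continue;
    if (value.startsWith("'")) {
      // Any other quoted token is an unknown keyword; this is the branch that
      // used to misfire on 'none' before the keyword was added to the allow-list.
      findings.push({
        directive: "trusted-types",
        value,
        message: `${value} seems to be an invalid keyword.`,
      });
    } else if (!TT_POLICY_NAME.test(value)) {
      findings.push({
        directive: "trusted-types",
        value,
        message: `${value} is not a valid policy name.`,
      });
    }
  }
  return findings;
}

// Constructed sample policies: the first locks down Trusted Types with no
// policy allowed at all, the second allows two named policies.
const SAMPLE_LOCKED_DOWN = "require-trusted-types-for 'script'; trusted-types 'none'";
const SAMPLE_NAMED = "require-trusted-types-for 'script'; trusted-types default dompurify 'allow-duplicates'";
```

With the check above, `checkTrustedTypesValues(SAMPLE_LOCKED_DOWN)` and `checkTrustedTypesValues(SAMPLE_NAMED)` both return no findings, while a misspelled keyword such as `'nonce'` is still flagged.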

lweichselbaum commented 3 years ago

Thank you very much for raising this issue!

lweichselbaum commented 3 years ago

NPM package updated: https://www.npmjs.com/package/csp_evaluator

craigfrancis commented 3 years ago

Thank you, Lukas; and thanks for updating NPM, as that should help Lighthouse get updated.

andrerferreira commented 2 years ago

Hi, I've noticed the same problem at https://csp-evaluator.withgoogle.com; perhaps the fix can make it there also. Best regards, A.