google / csp-evaluator

https://csp-evaluator.withgoogle.com
Apache License 2.0

Add support for `navigate-to` #34

Closed craigfrancis closed 2 years ago

craigfrancis commented 3 years ago

While not currently enabled on Chrome or Firefox, CSP3 does define the navigate-to directive:

https://www.w3.org/TR/CSP3/#directive-navigate-to

I think it just needs to be added to the Directive enum:

https://github.com/google/csp-evaluator/blob/e3638195ac812d61dc8ea11b5805e04e4230e2f6/csp.ts#L235

And maybe FETCH_DIRECTIVES, even though I don't think it's technically a fetch (returning for this document), it's still a serialized-source-list:

https://github.com/google/csp-evaluator/blob/e3638195ac812d61dc8ea11b5805e04e4230e2f6/csp.ts#L287
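An added example, not part of the original comment and not code from csp-evaluator: a toy checker showing why a directive has to be registered in both places the comment names. Every identifier here (`KNOWN_DIRECTIVES`, `SOURCE_LIST_DIRECTIVES`, `check`) is hypothetical, and the sample policy is constructed.

```typescript
// Toy checker, not csp-evaluator's implementation. All names are hypothetical.
interface Finding { directive: string; message: string; }
interface ParsedDirective { name: string; values: string[]; }

// Small illustrative subsets of directive names.
const KNOWN_DIRECTIVES: string[] = ["default-src", "script-src", "form-action"];
// Directives whose value is treated as a serialized source list.
const SOURCE_LIST_DIRECTIVES: string[] = ["default-src", "script-src", "form-action"];

// Split a serialized policy into directives and their values.
function parsePolicy(policy: string): ParsedDirective[] {
  const parsed: ParsedDirective[] = [];
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter((t) => t.length > 0);
    const [first, ...values] = tokens;
    if (first === undefined) continue; // empty segment, e.g. trailing ';'
    const name = first.toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (parsed.some((d) => d.name === name)) continue;
    parsed.push({ name, values });
  }
  return parsed;
}

// Report unknown directives, and wildcards in directives parsed as source lists.
function check(policy: string, known: string[], sourceLists: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const d of parsePolicy(policy)) {
    if (known.indexOf(d.name) === -1) {
      findings.push({ directive: d.name, message: "unknown directive" });
    } else if (sourceLists.indexOf(d.name) !== -1 && d.values.indexOf("*") !== -1) {
      findings.push({ directive: d.name, message: "wildcard source" });
    }
  }
  return findings;
}

// Constructed sample policy.
const SAMPLE = "script-src 'self'; navigate-to *; form-action 'self'";

// Before: navigate-to is not registered, so only "unknown directive" is reported
// and its source list is never inspected.
const before = check(SAMPLE, KNOWN_DIRECTIVES, SOURCE_LIST_DIRECTIVES);

// After: registered in both lists, its value gets the source-list checks.
const after = check(
  SAMPLE,
  KNOWN_DIRECTIVES.concat("navigate-to"),
  SOURCE_LIST_DIRECTIVES.concat("navigate-to"),
);
console.log(before, after);
```
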

adamraine commented 2 years ago

@ddworken can you do an npm release for this?