alex-page
commented
5 years ago It would be good to identify:
- What CSP we should have
- What we currently have
- How we can add missing functionality without adding burden to development locally
Open azerella opened 5 years ago
alex-page
commented
5 years ago It would be good to identify:
I think removing helmet is a solid solution as our cloud providers already provide these common XSS headers. It's causing local development grief and adds extra complication that is already being handled by the cloud provider.
We should revisit CSP headers at a later time though.