juunas11 / aspnetcore-security-headers

Middleware for adding security headers to an ASP.NET Core application.
MIT License
266 stars 43 forks source link

Add support of 'require-trusted-types-for' csp directive #57

Open luber opened 3 years ago

luber commented 3 years ago

Need to be able to specify require-trusted-types-for directive: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/require-trusted-types-for

It would be nice to be able to add directives that are not yet supported by the library before building final header result...

juunas11 commented 1 year ago

This could be added. It's currently an experimental directive though and not supported across all major browsers. There is a risk that it'll be changed/removed in the future.