allow-listed resources are not always added to the "hashes module"

kindspells / astro-shield

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.

https://astro-shield.kindspells.dev

MIT License

58 stars 6 forks source link

allow-listed resources are not always added to the "hashes module" #56

Closed castarco closed 8 months ago

castarco commented 8 months ago

It seems that, sometimes, the allow-lists are not used during the hashes module generation process. This is problematic because the middleware relies on that module to assert that a resource is allowed.