krakenjs / lusca

Application security for express apps.

Feature/improve csp support #71

Closed turboMaCk closed 7 years ago

turboMaCk commented 8 years ago

improve CSP support for:

turboMaCk commented 8 years ago

@thefourtheye see last commit with null test.

jasisk commented 8 years ago

I'm for it. :+1:

turboMaCk commented 8 years ago

Ready from my side.

turboMaCk commented 8 years ago

Any feedback on this?

grawk commented 8 years ago

It looks good to me :+1:. I'll let @jasisk do the final merge though since he's the lead maintainer

jasisk commented 8 years ago

Hey @turboMaCk. Sorry for the delay—had a few speed bumps lately but I'm back. Let me think on this for a day or two. In any case, thanks for your contribution and patience!

turboMaCk commented 8 years ago

@jasisk Sure! No problem man.

turboMaCk commented 8 years ago

Maybe it will be good to think about this one more time.

I really like this PR: https://github.com/krakenjs/lusca/pull/72

What about doing it this way:

"policy": {
    "global": ["block-all-mixed-content", "upgrade-insecure-requests"],
    "default-src": ["'self'",
                    "https://*.google-analytics.com",
                    "https://*.mydomain.com",
                    "https://*.mydomain2.com",
                    "http://*.mydomain2.com"],
    "script-src": ["'self'",
                   "https://*.google-analytics.com",
                   "https://*.mydomain.com",
                   "https://*.mydomain2.com"]
}
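As an added example (not lusca's code and not part of the discussion above), here is one way the proposed shape could be serialised into a Content-Security-Policy header: the `global` list becomes value-less directives, every other key becomes `name source source ...`, and the parts are joined with `; `. The example assumes the config shape in the comment above; the `csp` middleware name, the choice to treat a `null`/`undefined`/`false` value as "omit this directive", and the rejection of names and sources that contain `;`, `,`, whitespace or control characters are assumptions of this example, added because a config value that reaches the header unchecked can otherwise smuggle in a second directive or split the header.

```javascript
// Added example, not lusca's implementation. Serialises the policy object shape
// proposed above into a Content-Security-Policy header value.

// Directive names are lowercase tokens; anything else is either a typo (which
// the browser would silently ignore) or an attempt to inject through config.
const DIRECTIVE_NAME = /^[a-z][a-z0-9-]*$/;
// A source expression must not contain ';' (directive separator), ',' (policy
// separator), whitespace or control characters (header splitting).
const SOURCE_VALUE = /^[^\s;,\x00-\x1f\x7f]+$/;

function assertDirectiveName(name) {
  if (!DIRECTIVE_NAME.test(name)) {
    throw new TypeError(`invalid CSP directive name: ${JSON.stringify(name)}`);
  }
}

// Accept a single string or an array of strings; validate every entry.
function normalizeSources(directive, value) {
  const list = Array.isArray(value) ? value : [value];
  if (list.length === 0) {
    throw new TypeError(`CSP directive ${directive} has no sources`);
  }
  return list.map((v) => {
    if (typeof v !== 'string' || !SOURCE_VALUE.test(v)) {
      throw new TypeError(`invalid source for ${directive}: ${JSON.stringify(v)}`);
    }
    return v;
  });
}

// Build the header value. Value-less directives from `global` come first, then
// each remaining key with its space-separated sources, all joined by '; '.
// Assumption of this example: a null/undefined/false value means "omit the
// directive", so an override config can switch a default off.
function buildCspHeader(policy) {
  const parts = [];
  const seen = new Set();
  const globals = policy.global == null ? [] : normalizeSources('global', policy.global);
  for (const name of globals) {
    assertDirectiveName(name);
    if (seen.has(name)) throw new TypeError(`duplicate CSP directive: ${name}`);
    seen.add(name);
    parts.push(name);
  }
  for (const [name, value] of Object.entries(policy)) {
    if (name === 'global' || value == null || value === false) continue;
    assertDirectiveName(name);
    if (seen.has(name)) throw new TypeError(`duplicate CSP directive: ${name}`);
    seen.add(name);
    parts.push(`${name} ${normalizeSources(name, value).join(' ')}`);
  }
  return parts.join('; ');
}

// Express-style middleware (hypothetical name). The header is serialised and
// validated once at setup, so a bad config fails at startup, not per request.
function csp(policy) {
  const header = buildCspHeader(policy);
  return function cspMiddleware(req, res, next) {
    res.setHeader('Content-Security-Policy', header);
    next();
  };
}

// Constructed sample input: the policy from the comment above.
const samplePolicy = {
  global: ['block-all-mixed-content', 'upgrade-insecure-requests'],
  'default-src': ["'self'",
                  'https://*.google-analytics.com',
                  'https://*.mydomain.com',
                  'https://*.mydomain2.com',
                  'http://*.mydomain2.com'],
  'script-src': ["'self'",
                 'https://*.google-analytics.com',
                 'https://*.mydomain.com',
                 'https://*.mydomain2.com'],
};

console.log(buildCspHeader(samplePolicy));
```

Wire it up as `app.use(csp(config.policy))`; because validation happens inside `csp()` at setup time, a directive value such as `"'self'; object-src *"` throws before the app starts listening rather than reaching the header.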
linkRace commented 7 years ago

Doing some cleanup here, closing this since #79 has this change and more