In our CI we would like to use the --validate flag to check our CSP. Currently the command exits with errors because we don't have anything for image-src and style-src but we have decided to not add it for various reasons. If there was an option to ignore these the tool could still validate the JavaScript parts of the CSP and pass/fail the pipeline but now it would fail each time.
Maybe something like --validate-ignore style-src image-src?
papandreou
commented
2 years ago
In our CI we would like to use the
--validateflag to check our CSP. Currently the command exits with errors because we don't have anything for image-src and style-src but we have decided to not add it for various reasons. If there was an option to ignore these the tool could still validate the JavaScript parts of the CSP and pass/fail the pipeline but now it would fail each time.Maybe something like
--validate-ignore style-src image-src?