paragonie / csp-builder

Build Content-Security-Policy headers from a JSON file (or build them programmatically)
https://paragonie.com/projects
MIT License

Adds hook before save output #55

Closed BruceGitHub closed 3 years ago

BruceGitHub commented 3 years ago

In some situations, we need to process the output before saving it to disk. This PR adds an extension point for this purpose.

In my specific case, I use the generated output for NGINX by following the approach suggested by Scott Helme in this post https://scotthelme.co.uk/csp-nonce-support-in-nginx.

So the nonce must be `nonce-$some-placeholder-value`, but the nonce value in csp-builder is sanitized with a regexp (that's OK), and this forces the transformations to be applied after the file is saved to disk.

I work around it by reloading the file after saving and applying the correct fixes.

With this extension point, it's possible to use this lib and follow this approach in an elegant manner; furthermore, it's possible to "patch" the file in all cases in which some directives must yet be integrated.

paragonie-security commented 3 years ago

This looks great, but some of the changes appear to be code-style related.

Would it be possible for you to revert those changes so we can discuss your feature change in isolation?

BruceGitHub commented 3 years ago

> This looks great, but some of the changes appear to be code-style related.
>
> Would it be possible for you to revert those changes so we can discuss your feature change in isolation?

OK! I revert all changes of code style

paragonie-security commented 3 years ago

I just pushed a change to the master branch to switch to GitHub Actions, so if you rebase your changes it should run now. :)

paragonie-security commented 3 years ago

This looks great. I'll get around to fixing the code style issues before I tag the next release. Thanks for your contribution!