$csp = (new CSPBuilder())
->setSelfAllowed('default-src', true)
->addSource('img-src', 'ytimg.com')
->disableOldBrowserSupport()
;
will produce a header like this:
default-src 'self'; img-src ytimg.com;
i.e. if you do not have directives like upgrade-insecure-requests then there will always be a trailing semicolon (and space). While this does not lead to any issues if you use this header as is, it is still inconsistent and unexpected imho. This PR would always remove the trailing semicolon and space.
Currently a CSP like this:
will produce a header like this:
i.e. if you do not have directives like
upgrade-insecure-requeststhen there will always be a trailing semicolon (and space). While this does not lead to any issues if you use this header as is, it is still inconsistent and unexpected imho. This PR would always remove the trailing semicolon and space.