Closed maudnals closed 3 years ago
@maudnals thanks for the feedback! I opened https://github.com/slackhq/csp-html-webpack-plugin/pull/78 with some changes to the readme, and would love your thoughts if you have some time.
Great, thank you for the changes! Added a comment on the PR.
Merged!
Description
Hi again :) As a newcomer to this (great!) plugin, a few things in the
README.md
caused minor friction for me. I've listed a few suggestions for tweaks inREADME.md
below. Not all of these may make sense, so feel free to point out to the ones you think don't or do!const CspHtmlWebpackPlugin = require('csp-html-webpack-plugin');
for example in [this section](https://github.com/slackhq/csp-html-webpack-plugin#user-content-basic-usage:~:text=new%20HtmlWebpackPlugin())?unsafe-eval
with something else? To encourage the use of safe policies. And because if other developers are lazy like me, they first may copy the example policy into their code before editing it (and—pushing the idea a bit here—it's not impossible to forget to removeunsafe-eval
).unsafe-inline
feels more OK, since AFAIK it's needed in Safari.processFn: defaultProcessFn
or adding an// optional
comment above it? Why: as mentioned, my first reflex was to paste the full config example CSP to save myself some typing time. And so I ran intodefaultProcessFn is not defined
—which was a super quick one to fix, but it did require me to go back and edit my config. Maybe the question here is if you expect this feature to be used by most / a large part of this plugin's users? On the plus side though: this error was actually a good way for me to discover the feature / this ability to change the default method of what happens to the CSP after it has been created...What type of issue is this? (place an
x
in one of the[ ]
)Requirements (place an
x
in each of the[ ]
)