AnujRNair
commented
3 years ago @maudnals thanks for the feedback! I opened https://github.com/slackhq/csp-html-webpack-plugin/pull/78 with some changes to the readme, and would love your thoughts if you have some time.
maudnals
Description
Hi again :) As a newcomer to this (great!) plugin, a few things in the
README.mdcaused minor friction for me. I've listed a few suggestions for tweaks inREADME.mdbelow. Not all of these may make sense, so feel free to point out to the ones you think don't or do!const CspHtmlWebpackPlugin = require('csp-html-webpack-plugin');for example in [this section](https://github.com/slackhq/csp-html-webpack-plugin#user-content-basic-usage:~:text=new%20HtmlWebpackPlugin())?unsafe-evalwith something else? To encourage the use of safe policies. And because if other developers are lazy like me, they first may copy the example policy into their code before editing it (and—pushing the idea a bit here—it's not impossible to forget to removeunsafe-eval).unsafe-inlinefeels more OK, since AFAIK it's needed in Safari.processFn: defaultProcessFnor adding an// optionalcomment above it? Why: as mentioned, my first reflex was to paste the full config example CSP to save myself some typing time. And so I ran intodefaultProcessFn is not defined—which was a super quick one to fix, but it did require me to go back and edit my config. Maybe the question here is if you expect this feature to be used by most / a large part of this plugin's users? On the plus side though: this error was actually a good way for me to discover the feature / this ability to change the default method of what happens to the CSP after it has been created...What type of issue is this? (place an
xin one of the[ ])Requirements (place an
xin each of the[ ])