trezy / next-safe

https://trezy.gitbook.io/next-safe/
BSD 3-Clause "New" or "Revised" License
176 stars 22 forks

feat(buildCSPHeaders): allow merging of default directives #43

Closed sambauers closed 1 year ago

sambauers commented 2 years ago

Allow the setting of contentSecurityPolicy.mergeDefaultDirectives which allows CSP directives defined in config to be additive to the default directives defined in next-safe.

Also allow interpretation of string directives, e.g. "'self' data:" and split these in order to merge and de-duplicate against defaults.

In addition, deal with the possibility of duplicates when merging in development default CSP directives.

Update documentation to convey new option and usage.
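The merging behaviour this PR describes, as an added illustrative example (it is not next-safe's own code and does not reproduce its internals): a user directive either replaces the matching default or, when `mergeDefaultDirectives` is on, is added to it; string values such as `"'self' data:"` are split into source tokens; and development-only sources are merged in without creating duplicates. The default and development directive values, the function names (`toSourceList`, `mergeDirectives`, `buildDirectives`, `serializeCSP`) and the `isDev` option are assumptions made for this demo, not next-safe's real defaults or API.

```javascript
// Added example, not next-safe's implementation. Defaults below are
// constructed for illustration; next-safe's real defaults differ.
const DEFAULT_DIRECTIVES = {
  'default-src': ["'none'"],
  'script-src': ["'self'"],
  'style-src': ["'self'"],
  'img-src': ["'self'"],
  'connect-src': ["'self'"],
};

// Constructed: sources a development build usually needs (assumption),
// which may duplicate what the user already configured.
const DEV_DIRECTIVES = {
  'script-src': ["'self'", "'unsafe-eval'"],
  'connect-src': ["'self'", 'ws:'],
};

// Normalise a directive value to a list of source tokens.
// A string like "'self' data:" is split on whitespace; arrays are trimmed.
function toSourceList(value) {
  if (value == null) return [];
  if (Array.isArray(value)) return value.map((s) => String(s).trim()).filter(Boolean);
  if (typeof value === 'string') return value.split(/\s+/).filter(Boolean);
  throw new TypeError(`Unsupported CSP directive value of type ${typeof value}`);
}

// Concatenate two source lists, keeping first-seen order and dropping duplicates.
function mergeSources(base, extra) {
  const seen = new Set();
  const out = [];
  for (const src of [...base, ...extra]) {
    if (!seen.has(src)) {
      seen.add(src);
      out.push(src);
    }
  }
  return out;
}

// Merge directive maps left to right; a later map extends (never replaces)
// the directives of an earlier one. Called with one map it returns a copy.
function mergeDirectives(...maps) {
  const result = {};
  for (const map of maps) {
    for (const [name, value] of Object.entries(map)) {
      result[name] = mergeSources(result[name] || [], toSourceList(value));
    }
  }
  return result;
}

// Build the final directive map from the defaults and the user's config.
// mergeDefaultDirectives=false (opt-out default): a user directive replaces
// the default directive of the same name outright.
// mergeDefaultDirectives=true: the user's sources are appended to the default.
// isDev=true: development sources are merged in afterwards, de-duplicated.
function buildDirectives(userDirectives = {}, { mergeDefaultDirectives = false, isDev = false } = {}) {
  const user = {};
  for (const [name, value] of Object.entries(userDirectives)) {
    user[name] = toSourceList(value);
  }
  let directives = mergeDefaultDirectives
    ? mergeDirectives(DEFAULT_DIRECTIVES, user)
    : Object.assign(mergeDirectives(DEFAULT_DIRECTIVES), user);
  if (isDev) directives = mergeDirectives(directives, DEV_DIRECTIVES);
  return directives;
}

// Serialise a directive map into a Content-Security-Policy header value.
function serializeCSP(directives) {
  return Object.entries(directives)
    .filter(([, sources]) => sources.length > 0)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

// Usage: with merging on, adding a CDN keeps the default 'self' without repeating it.
console.log(serializeCSP(buildDirectives(
  { 'script-src': "'self' https://cdn.example.com" },
  { mergeDefaultDirectives: true },
)));
```

The replace-versus-merge distinction is the security-relevant one: in replace mode a directive such as `script-src https://cdn.example.com` silently drops `'self'`, which is exactly the "specify the defaults again" friction the PR addresses, while merge mode can only widen a directive relative to the default, which is why it is sensible to keep it opt-in.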

sambauers commented 2 years ago

This is a feature request presented as a PR. Happy to work through any changes or preferences around how this should be implemented, or if you don't want to enable this then that's OK too.

I simply found it kind of annoying that as soon as I wanted to add another script or style source, that I had to specify the defaults again.

Provided as an "opt-in" setting in this implementation as it could have unexpected consequences for people's existing configs.

github-actions[bot] commented 1 year ago

:tada: This PR is included in version 3.3.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: