zendframework / zend-http

Http component from Zend Framework
BSD 3-Clause "New" or "Revised" License

Proposal: Feature Policy (a new "secure header") #176

Closed MadCat34 closed 4 years ago

MadCat34 commented 5 years ago

The HTTP Feature-Policy header provides a mechanism to allow and deny the use of browser features in its own frame, and in iframes that it embeds.

RFC is currently in Draft, but it could be interesting: https://w3c.github.io/webappsec-feature-policy/

If it is OK, I will provide a PR.

MadCat34 commented 5 years ago

Feature Policy and Content Security Policy will need to be refactored (duplicate code: getDirectives() and setDirectives()).

MadCat34 commented 5 years ago

I have created a new abstract class AbstractDirectiveBasedHeader to move duplicates. Not sure about the naming...

What do you think?

Ocramius commented 5 years ago

I'd probably avoid abstracting through inheritance: as soon as an RFC changes in an uncommon way, that means trouble.

MadCat34 commented 5 years ago

Ok, I wasn't sure it was necessary. This can be done later.
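
The following is an added example, not part of the thread and not zend-http code: a standalone PHP sketch that builds a Feature-Policy header value from a directive list reused by composition instead of a shared abstract class. The class names `DirectiveList` and `FeaturePolicyHeader`, the directive-name pattern, and the sample origin are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: stores "name => values" directives. Any directive-based
// header can hold one of these by composition, with no common base class.
final class DirectiveList
{
    private $directives = [];

    public function set(string $name, array $values): void
    {
        // Assumed token rule for names: lowercase letters, digits, hyphens.
        if (! preg_match('/^[a-z][a-z0-9-]*$/', $name)) {
            throw new InvalidArgumentException("Invalid directive name: $name");
        }
        foreach ($values as $value) {
            // Reject whitespace, separators and control characters (CR/LF included)
            // so a value can neither add a directive nor split the response header.
            if (! is_string($value) || $value === '' || preg_match('/[\s;,\x00-\x1F\x7F]/', $value)) {
                throw new InvalidArgumentException("Invalid value for $name");
            }
        }
        $this->directives[$name] = $values;
    }

    public function toString(): string
    {
        $parts = [];
        foreach ($this->directives as $name => $values) {
            $parts[] = trim($name . ' ' . implode(' ', $values));
        }
        return implode('; ', $parts);
    }
}

// Hypothetical header class: delegates storage and validation to DirectiveList.
final class FeaturePolicyHeader
{
    private $list;
    public function __construct() { $this->list = new DirectiveList(); }
    public function allow(string $feature, array $allowlist): void { $this->list->set($feature, $allowlist); }
    public function toString(): string { return 'Feature-Policy: ' . $this->list->toString(); }
}

// Constructed sample policy: geolocation for this origin and one other, camera disabled.
$header = new FeaturePolicyHeader();
$header->allow('geolocation', ["'self'", 'https://maps.example']);
$header->allow('camera', ["'none'"]);
echo $header->toString(), PHP_EOL;
```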