upgrade readme #106
upgrade readme #106
Conversation
| 'media-src': ["'self'"], | ||
| } | ||
| ``` | ||
| To clear a directive from the default policy, set it to `null`. |
There was a problem hiding this comment.
Since the configuration is not merged anymore, there isn't any need to set a directive to null. Missed to delete that sentence in #101.
README.md
Outdated
| // } | ||
| // Please refer to CSP specification for details on valid CSP directives: | ||
| // https://w3c.github.io/webappsec-csp/#framework-directives | ||
| policy?: { [key: string]: string[]; }, |
There was a problem hiding this comment.
May provide a list of allowed keys but that would quickly get outdated as new keys might be added by CSP3, which is still an editor's draft or even by other specs (§6.5 Directives Defined in Other Documents).
There was a problem hiding this comment.
TS interfaces allow additional keys, so I think we can list the ones we expect at the moment (AFAIK new keys are still somewhat uncommon)
There was a problem hiding this comment.
Added the directive names as a type referenced as key. I hope that was the correct way. It's a very long list. But it's maybe helpful to explicitly state that all directives are supported and not only that one used in default config.
README.md
Outdated
| // } | ||
| // Please refer to CSP specification for details on valid CSP directives: | ||
| // https://w3c.github.io/webappsec-csp/#framework-directives | ||
| policy?: { [key: string]: string[]; }, |
There was a problem hiding this comment.
TS interfaces allow additional keys, so I think we can list the ones we expect at the moment (AFAIK new keys are still somewhat uncommon)
Co-Authored-By: Robert Jackson <me@rwjblue.com>
|
@rwjblue Thanks for quick review! Addressed the feedback. |
|
Is there any way we could expose that type information to be used by consumers? Would provide helpful auto-completion and prevent typos in directive names. |
Honestly, I'm not 100% sure but I think we could publish a .d.ts file so folks that wanted to use .ts could type their module.exports = function(environment: string): import('ember-cli-content-security-policy').PolicyConfiguration {
// return stuff....
} |
I will have a look into that one. Maybe some other addon is already doing it. Will have a look through possible candidates. This PR is ready to be merged from my side. |
As suggested in #104.
Please have a close look at TypeScript definition as I'm not that used to write TypeScript yet.