Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Content-Security-Policy-Report-Only HTTP header #1248

Open
ehmicky opened this issue Oct 18, 2024 · 0 comments
Open

Content-Security-Policy-Report-Only HTTP header #1248

ehmicky opened this issue Oct 18, 2024 · 0 comments
Labels
feature request

Comments

@ehmicky
Copy link

ehmicky commented Oct 18, 2024

Is your feature request related to a problem? Please describe.
With @middy/http-security-headers, the CSP HTTP header is always named Content-Security-Policy. It would be nice to be able to use Content-Security-Policy-Report-Only as well, for debugging/testing.

Describe the solution you'd like
Helmet uses a boolean option for this, but any other solution works.

Describe alternatives you've considered
A workaround is to rename the header manually after the middleware has run.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ehmicky