Add CSP #1959
Conversation
First review pass. Should get another set of eyes as well, since some of these issues are not clear and might benefit from group discussion even.
* caniuse keys
I think I just saw an n:1 of feature:caniuse but not sure I've yet seen a 1:n of feature:caniuse! My preference is what you've done here - group logically for WF even if it doesn't align perfectly w/ Caniuse. But maybe worth bringing up at the meeting on Thurs for more inputs.
* `http.headers.Content-Security-Policy.script-src.inline-speculation-rules` and `http.headers.Content-Security-Policy.fenced-frame-src`. Both should probably be included within their respective features? (the CSP directive for trust-types does this)
Sounds like what we've been doing so far. No great answers here, until keys can be in two features at once or something like that 🤷🏽
I also started a security group.
Should add a description to this.
See also w3c-cg/swag#2.
@Elchi3 was going to merge, but it's not clear if it's ready - can you resolve the comments above if they've all been addressed now?
I think we're good to go here. I removed the keys that belong elsewhere and I think I just had a 1:n feature:caniuse in the Performance API PR, too. Anyway, the linter would probably complain about it if it is not valid. Let's merge
* Add CSP
* Add group desc; update feature desc; remove keys belonging elsewhere
* npm run dist
Wasn't sure about: `http.headers.Content-Security-Policy.script-src.inline-speculation-rules` and `http.headers.Content-Security-Policy.fenced-frame-src`. Both should probably be included within their respective features? (the CSP directive for trust-types does this)

I also started a security group. Would like to add more features into this as we (OWD) are interested in the state of web security features.