Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(csp): require-trusted-types-for #526

Closed
dargmuesli opened this issue Sep 23, 2024 · 7 comments · Fixed by #529 or #532
Closed

feat(csp): require-trusted-types-for #526

dargmuesli opened this issue Sep 23, 2024 · 7 comments · Fixed by #529 or #532
Assignees
Labels
enhancement New feature or request

Comments

@dargmuesli
Copy link
Contributor

Is your feature request related to a problem? Please describe.

The module seemingly does not support the require-trusted-types-for content security policy.

Describe the solution you'd like

The policy should be added.

Describe alternatives you've considered

Not using this policy 🥲😉

Additional context

Since vuejs/core#10844 and v3.5 Vue supports trusted types.

@dargmuesli dargmuesli added the enhancement New feature or request label Sep 23, 2024
@Baroshem
Copy link
Collaborator

Hey Jonas!

Thanks for rising this issue. I checked the availability of this particular option and it seems that it is not supported by either Mozilla or Safari and I wonder if we should support as we do it with Permissions Policy or focus on the ones that are more known 🤔

Thougths @vejja?

@dargmuesli
Copy link
Contributor Author

caniuse shows almost 75% global support. It's not urgent for me though! Just wanted to mention this feature request as it would come up eventually this way or another I'm sure 😁

@vejja
Copy link
Collaborator

vejja commented Sep 23, 2024

We can support it, no problem I think

@Baroshem
Copy link
Collaborator

@dargmuesli would you be interested in developing this functionality? :)

@dargmuesli
Copy link
Contributor Author

I might come across this while procrastinating 😉 but if someone else goes first, I won't complain 😁

@vejja vejja self-assigned this Sep 26, 2024
@vejja vejja mentioned this issue Sep 26, 2024
6 tasks
@vejja
Copy link
Collaborator

vejja commented Sep 26, 2024

@dargmuesli it was just a simple type modification
Happy to get your feedback on whether require-trusted-types-for has the right type definition. Not clear to me if the spec says that only 'script' is valid, any word, or any combination of words...

@Baroshem
Copy link
Collaborator

Thanks @vejja 💚

@dargmuesli I have changed the base branch of the linked PR to 2.1.0 as I would like to plan it for the upcoming new release. Let us know if the code developed by Sebastien is what you wanted :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants