helmetjs/csp issues and pull requests

#107 - Bump lodash from 4.17.15 to 4.17.19

Pull Request - State: closed - Opened by dependabot[bot] over 4 years ago - 2 comments
Labels: dependencies

#106 - defaulting to Content-Security-Policy for unrecognized browser versio…

Pull Request - State: closed - Opened by emilmuller over 4 years ago - 3 comments
Labels: in progress

#105 - No CSP headers for iOS WebViews

Issue - State: closed - Opened by emilmuller over 4 years ago - 5 comments

#104 - Add support for trusted-types

Issue - State: closed - Opened by Cherry over 4 years ago - 7 comments

#103 - Add 'allow-downloads' directive to config

Pull Request - State: closed - Opened by vencelvarga over 4 years ago - 2 comments

#102 - Release helmet-csp@3

Pull Request - State: closed - Opened by EvanHahn over 4 years ago - 1 comment

#101 - s.getParser was broken because of import * as bowser from 'bowser';

Pull Request - State: closed - Opened by dagda1 over 4 years ago - 8 comments

#100 - Updated link to Square's article on CSP for SPWAs.

Pull Request - State: closed - Opened by agamdua almost 5 years ago - 2 comments

#99 - object-src directive checker error

Issue - State: closed - Opened by rdodev almost 5 years ago - 2 comments
Labels: needs more information

#98 - Add script-src-elem directive

Pull Request - State: closed - Opened by psyraxaus almost 5 years ago - 6 comments

#97 - Remove browser sniffing

Issue - State: closed - Opened by EvanHahn almost 5 years ago - 6 comments
Labels: in progress

#96 - Bowser.getParser is not a function

Issue - State: closed - Opened by darinrogers almost 5 years ago - 9 comments
Labels: needs more information

#95 - res.setHeader is not a function

Issue - State: closed - Opened by sfuerte almost 5 years ago - 5 comments

#94 - Update bowser dependency to latest version

Pull Request - State: closed - Opened by barnesdc about 5 years ago - 1 comment

#93 - Header report-uri deprecated

Issue - State: closed - Opened by danieldanielecki about 5 years ago - 4 comments

#92 - Header require-sri-for deprecated

Issue - State: closed - Opened by danieldanielecki about 5 years ago - 7 comments

#91 - misc: simplify types

Pull Request - State: closed - Opened by matheus1lva about 5 years ago - 1 comment

#90 - TypeScript typings are broken

Issue - State: closed - Opened by esprehn about 5 years ago - 3 comments

#89 - Unable to use with Webpack when targeting Node

Issue - State: closed - Opened by markmcdowell about 5 years ago - 18 comments
Labels: needs more information

#88 - Bump bowser dependency to v2.5.4

Pull Request - State: closed - Opened by amuttsch about 5 years ago - 2 comments

#87 - keyword declared twice in keywords array

Pull Request - State: closed - Opened by knoxcard about 5 years ago - 1 comment

#86 - Convert project to TypeScript

Pull Request - State: closed - Opened by bensalilijames over 5 years ago - 7 comments

#85 - add new sandbox directive: allow-downloads-without-user-activation

Pull Request - State: closed - Opened by vencelvarga over 5 years ago - 2 comments

#84 - Add support for script-src-elem directive

Issue - State: closed - Opened by evdama over 5 years ago - 3 comments
Labels: in progress

#83 - Issue due to extra x-content-security-policy, x-webkit-csp headers

Issue - State: closed - Opened by webuniverseio over 5 years ago - 4 comments

#82 - 'unsafe-inline' should be allowed in style-src and connect-src

Issue - State: closed - Opened by EvanHahn over 5 years ago - 1 comment

#81 - How to add a specific sha256 to scriptSrc?

Issue - State: closed - Opened by Ks89 over 5 years ago - 4 comments
Labels: needs more information

#80 - Upgrade dependency for platorm to version > 1.3.5

Issue - State: closed - Opened by jmtaillant over 5 years ago - 4 comments
Labels: in progress

#79 - validate CSP

Pull Request - State: closed - Opened by knoxcard over 5 years ago - 3 comments
Labels: in progress

#78 - reportTo directive

Issue - State: closed - Opened by sericaia over 5 years ago - 4 comments
Labels: in progress

#77 - Convert module to TypeScript

Issue - State: closed - Opened by EvanHahn over 5 years ago - 1 comment

#76 - safari will ignore whole rule

Issue - State: closed - Opened by futurist over 5 years ago - 4 comments

#75 - Cannot Use Function Instead of Array as Value of Directive

Issue - State: closed - Opened by joedski almost 6 years ago - 8 comments
Labels: needs more information

#74 - how to choose? With helmet or helmet-csp? It's all yours, I don't know which one to choose?

Issue - State: closed - Opened by hktalent almost 6 years ago - 2 comments
Labels: needs more information

#73 - Duplicate keys should error

Issue - State: closed - Opened by EvanHahn about 6 years ago - 3 comments

#72 - Use ES2015 in README

Issue - State: closed - Opened by EvanHahn over 6 years ago

#71 - Use uuid module in README, node-uuid is deprecated

Pull Request - State: closed - Opened by davidjb over 6 years ago - 1 comment

#70 - Add support for navigate-to directive

Issue - State: closed - Opened by EvanHahn over 6 years ago - 6 comments
Labels: needs more information

#69 - Support upcoming prefetch-src directive

Issue - State: closed - Opened by Kiechlus almost 7 years ago - 2 comments
Labels: in progress

#68 - Reading JSON config without extension

Issue - State: closed - Opened by oayres almost 7 years ago - 10 comments
Labels: in progress

#67 - add support for base-uri

Issue - State: closed - Opened by selfagency about 7 years ago - 6 comments
Labels: in progress

#66 - Module not found error

Issue - State: closed - Opened by westdabestdb about 7 years ago - 13 comments
Labels: needs more information

#65 - report-to should be optional

Issue - State: closed - Opened by ischyron over 7 years ago - 6 comments

#64 - Style and script directives not applied

Issue - State: closed - Opened by andreasvirkus over 7 years ago - 3 comments

#63 - Add support for report-to

Issue - State: closed - Opened by EvanHahn over 7 years ago - 6 comments

#62 - [ HTTPS 443 ]: Application error message

Issue - State: closed - Opened by andreaj8 over 7 years ago - 11 comments
Labels: needs more information

#61 - workerSrc is not working

Issue - State: closed - Opened by idangozlan over 7 years ago - 5 comments

#60 - Support for worker-src

Issue - State: closed - Opened by Reggino over 7 years ago - 2 comments

#59 - Cannot set styleSrc with self and unsafe-inline

Issue - State: closed - Opened by joehenry087 almost 8 years ago - 2 comments

#58 - Added options for the sandbox directive

Pull Request - State: closed - Opened by qqqmr almost 8 years ago - 5 comments
Labels: in progress

#57 - Add support for 'strict-dynamic'

Issue - State: closed - Opened by XhmikosR almost 8 years ago - 7 comments
Labels: in progress

#56 - Update config.json

Pull Request - State: closed - Opened by XhmikosR almost 8 years ago - 5 comments

#55 - Add support for manifest-src

Issue - State: closed - Opened by XhmikosR almost 8 years ago - 1 comment
Labels: needs contributor

#54 - Add frame-src directive to whitelist

Pull Request - State: closed - Opened by EvanHahn about 8 years ago
Labels: in progress

#53 - frame-src being seen as invalid

Issue - State: closed - Opened by muffinresearch about 8 years ago - 6 comments
Labels: in progress

#52 - Add support for require-sri-for

Issue - State: closed - Opened by EvanHahn about 8 years ago - 1 comment

#51 - External links doesn't work when running CSP

Issue - State: closed - Opened by MathRobin about 8 years ago - 11 comments
Labels: needs more information

#50 - Remove connect-src fix for iOS Chrome—it's been fixed for a long time

Pull Request - State: closed - Opened by EvanHahn about 8 years ago
Labels: in progress

#49 - Remove connect-src fix for iOS Chrome—it's been fixed for a long time

Pull Request - State: closed - Opened by EvanHahn about 8 years ago - 1 comment
Labels: in progress

#48 - iOS chrome vs Other Chrome (transformDirectivesForBrowser)

Issue - State: closed - Opened by chulander about 8 years ago - 3 comments
Labels: in progress

#47 - Avoid mutating headerKeys when reportOnly is enabled.

Pull Request - State: closed - Opened by EntropyAu about 8 years ago - 3 comments
Labels: in progress

#46 - -Report-Only header broken - Content-Security-Policy-Report-Only-Report-Only-Report-Only

Issue - State: closed - Opened by EntropyAu about 8 years ago - 2 comments
Labels: in progress

#45 - Adding fontSrc to README.md

Pull Request - State: closed - Opened by isaacnass about 8 years ago - 4 comments

#44 - 2.0.0

Pull Request - State: closed - Opened by EvanHahn over 8 years ago
Labels: in progress

#43 - Handle Firefox for Android and Firefox OS

Pull Request - State: closed - Opened by shane-tomlinson over 8 years ago - 7 comments
Labels: in progress

#42 - connectSrc not converted to xhrSrc for Firefox for Android or FxOS

Issue - State: closed - Opened by shane-tomlinson over 8 years ago
Labels: in progress

#41 - Add referrer policy support in 2.x

Issue - State: closed - Opened by EvanHahn over 8 years ago - 2 comments
Labels: needs more information

#40 - Add `block-all-mixed-content` support

Issue - State: closed - Opened by EvanHahn over 8 years ago
Labels: in progress

#39 - Link to GitHub's CSP blog post

Issue - State: closed - Opened by EvanHahn over 8 years ago
Labels: in progress

#38 - `-Report-Only` can end up being added several times

Issue - State: closed - Opened by tbassetto over 8 years ago - 6 comments
Labels: needs more information

#37 - Make `report-uri` optional

Issue - State: closed - Opened by EvanHahn over 8 years ago - 7 comments
Labels: in progress

#36 - upgrade-insecure-requests directive is always set for falsey config values

Issue - State: closed - Opened by muffinresearch over 8 years ago - 18 comments
Labels: in progress

#35 - Allow 'reportOnly' option to be set dynamically

Pull Request - State: closed - Opened by mfinifter over 8 years ago - 7 comments
Labels: in progress

#34 - Make sure we support `block-all-mixed-content` directive

Issue - State: closed - Opened by EvanHahn over 8 years ago - 1 comment

#33 - Add opt-out for UA parsing

Pull Request - State: closed - Opened by kara-ryli over 8 years ago - 1 comment
Labels: in progress

#32 - Add option to disable non-standard CSP headers

Issue - State: closed - Opened by kara-ryli almost 9 years ago - 11 comments
Labels: in progress

#31 - Update README.md

Pull Request - State: closed - Opened by nimish almost 9 years ago - 6 comments

#30 - Fix README issues

Pull Request - State: closed - Opened by nickclaw almost 9 years ago - 1 comment

#29 - Add a changelog or upgrade guide.

Issue - State: closed - Opened by BerkeleyTrue almost 9 years ago - 7 comments

#28 - TypeError if user agent is missing

Issue - State: closed - Opened by pigulla almost 9 years ago - 3 comments

#27 - Example in README is not working.

Issue - State: closed - Opened by Amberlamps almost 9 years ago - 1 comment

#26 - Enable dynamically generated values

Pull Request - State: closed - Opened by nickclaw about 9 years ago - 11 comments

#25 - Enable dynamically generated values

Pull Request - State: closed - Opened by nickclaw about 9 years ago - 3 comments

#24 - Investigate a faster User Agent parser

Issue - State: closed - Opened by EvanHahn about 9 years ago - 3 comments

#23 - Issues with single and double quotes

Issue - State: closed - Opened by hurricane766 about 9 years ago - 3 comments

#22 - Add referrer and reflected XSS directives

Issue - State: closed - Opened by EvanHahn about 9 years ago - 1 comment

#21 - Add support for "upgrade-insecure-requests"

Issue - State: closed - Opened by EvanHahn about 9 years ago - 1 comment

#20 - helmet blocks external links

Issue - State: closed - Opened by kennethaasan about 9 years ago - 6 comments

#19 - How to do per-request nonces or hashes?

Issue - State: closed - Opened by mikemaccana about 9 years ago - 5 comments

#18 - FIx formatting in example usage

Pull Request - State: closed - Opened by maritz over 9 years ago - 6 comments

#17 - request support: "CSP" request header handler

Issue - State: closed - Opened by septs over 9 years ago - 4 comments

#16 - Added Route Handling Example for CSP Violations

Pull Request - State: closed - Opened by dstroot over 9 years ago - 8 comments

#15 - What does helmet actually send to the reportUri route?

Issue - State: closed - Opened by dstroot over 9 years ago - 5 comments

#14 - First version of the directive compatibility test page

Pull Request - State: closed - Opened by analog-nico over 9 years ago - 4 comments
Labels: needs contributor

#13 - Remove usage of lodash from lib code

Pull Request - State: closed - Opened by trygve-lie over 9 years ago

#12 - Remove Lodash dependency

Issue - State: closed - Opened by EvanHahn over 9 years ago - 1 comment

#11 - Illegal access error on Node 0.11.13

Issue - State: closed - Opened by EricLin2004 over 9 years ago - 17 comments

#10 - 'unsafe-inline' and 'unsafe-eval' on Firefox 20 for Mac

Issue - State: closed - Opened by analog-nico over 9 years ago - 11 comments

#9 - Support CSP level 2

Issue - State: closed - Opened by analytically almost 10 years ago - 8 comments

#4 - Fix bug: a request from unknown browsers change global setAllHeaders setting

Pull Request - State: closed - Opened by teppeis about 10 years ago - 7 comments

GitHub / helmetjs/csp issues and pull requests