Hi @AlemTuzlak,
I’d like to contribute to the project by adding support for a default Content-Security-Policy (CSP) header — turned off by default, but easy to enable when needed.
What I propose:
- Add CSP header support with a sensible default policy (e.g.,
default-src 'none')
- Make it opt-in via an env variable or config flag
Happy to follow your preferred coding style or integration pattern. Let me know if you’re open to this — I can start working on a pull request right away.
Thanks!
Duncan
Hi @AlemTuzlak,
I’d like to contribute to the project by adding support for a default
Content-Security-Policy(CSP) header — turned off by default, but easy to enable when needed.What I propose:
default-src 'none')Happy to follow your preferred coding style or integration pattern. Let me know if you’re open to this — I can start working on a pull request right away.
Thanks!
Duncan