Describe the problem
It's generally considered a good idea to enable content-security-policy-report-only before enabling CSP, just in case it will break a bunch of stuff.
Describe the proposed solution
With this config, the header name would be content-security-policy-report-only instead of content-security-policy. Everything else would be unchanged.
// svelte.config.js
export default {
kit: {
csp: {
reportOnly: true,
directives: {...}
}
}
};
Alternatives considered
No response
Importance
nice to have
Additional Information
No response
Describe the problem
It's generally considered a good idea to enable
content-security-policy-report-onlybefore enabling CSP, just in case it will break a bunch of stuff.Describe the proposed solution
With this config, the header name would be
content-security-policy-report-onlyinstead ofcontent-security-policy. Everything else would be unchanged.Alternatives considered
No response
Importance
nice to have
Additional Information
No response