Description
🌱 Feature Request
Is your feature request related to a problem? Please describe.
As a solution similar to helmet, it would be beneficial for consumers to have similar defaults, so as to align with other packages' features. This would provide consumers with a simple interface to match other packages leveraging helmet defaults. Otherwise, consumers need to specify these in their repositories.
You can find the defaults in helmet here
Describe the solution you'd like
Somewhere in the CSP rule, you could allow users to specify they want a set of default directives here: https://github.com/jagaapple/next-secure-headers/blob/master/src/rules/content-security-policy.ts#L226-L238
The behavior of the helmet repository is that if you tell it to include CSP without specifying any directives, it will default to the set defined in the module here
next-secure-headers can implement something similar here:
https://github.com/jagaapple/next-secure-headers/blob/master/src/rules/content-security-policy.ts#L213-L223
When no directives are passed through, it can default to the same set of directives.
Describe alternatives you've considered
Consumers need to maintain a basic set of default directives for helmet independently when this should rest with the package.
Documentation, Adoption, Migration Strategy
If you can, explain how users will be able to use this and how it might be documented. Maybe a mock-up?
Additional context
Add any other context or screenshots about the feature request here.
- I've tried to find similar issues and pull requests
- I would like to work on this feature 💪🏻
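
The fallback requested above, sketched as an added example; this is not code from the issue, from next-secure-headers, or from helmet. `buildCsp`, `serialize` and `DEFAULT_DIRECTIVES` are hypothetical names, and the default values are an assumed set modelled on helmet's documented defaults that should be checked against the helmet release being matched.

```typescript
// Added example: hypothetical helper, not next-secure-headers' or helmet's code.
type Directives = { [name: string]: string[] };

// Assumed fallback set modelled on helmet's documented defaults; verify it
// against the helmet release you want to match before relying on it.
const DEFAULT_DIRECTIVES: Directives = {
  "default-src": ["'self'"],
  "base-uri": ["'self'"],
  "font-src": ["'self'", "https:", "data:"],
  "form-action": ["'self'"],
  "frame-ancestors": ["'self'"],
  "img-src": ["'self'", "data:"],
  "object-src": ["'none'"],
  "script-src": ["'self'"],
  "script-src-attr": ["'none'"],
  "style-src": ["'self'", "https:", "'unsafe-inline'"],
  "upgrade-insecure-requests": [],
};

// Turn a directive map into a Content-Security-Policy header value.
function serialize(directives: Directives): string {
  const parts: string[] = [];
  for (const name of Object.keys(directives)) {
    const values = directives[name];
    for (const v of values) {
      // A ';' or ',' inside a value would start a new directive or policy,
      // and CR/LF would split the header, so refuse them outright.
      if (/[;,\r\n]/.test(v)) {
        throw new Error("invalid value in " + name + ": " + v);
      }
    }
    // Valueless directives (upgrade-insecure-requests) are emitted bare.
    parts.push(values.length > 0 ? name + " " + values.join(" ") : name);
  }
  return parts.join("; ");
}

// Fall back to the defaults only when the caller supplied no directives.
// An explicit set is used as-is and is NOT merged with the defaults.
function buildCsp(directives?: Directives): string {
  const empty = !directives || Object.keys(directives).length === 0;
  return serialize(empty ? DEFAULT_DIRECTIVES : (directives as Directives));
}
```

Because the fallback only applies when nothing is passed, a caller who sets a single directive gets a policy without `default-src`; merging with the defaults would be a separate opt-in behaviour.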