feat(csp): require-trusted-types-for

[dargmuesli]

Is your feature request related to a problem? Please describe.

The module seemingly does not support the require-trusted-types-for content security policy.

Describe the solution you'd like

The policy should be added.

Describe alternatives you've considered

Not using this policy 🥲😉

Additional context

Since vuejs/core#10844 and v3.5 Vue supports trusted types.

[Baroshem]

Hey Jonas!

Thanks for rising this issue. I checked the availability of this particular option and it seems that it is not supported by either Mozilla or Safari and I wonder if we should support as we do it with Permissions Policy or focus on the ones that are more known 🤔

Thougths @vejja?

[dargmuesli]

caniuse shows almost 75% global support. It's not urgent for me though! Just wanted to mention this feature request as it would come up eventually this way or another I'm sure 😁

[vejja]

We can support it, no problem I think

[Baroshem]

@dargmuesli would you be interested in developing this functionality? :)

[dargmuesli]

I might come across this while procrastinating 😉 but if someone else goes first, I won't complain 😁

[vejja]

@dargmuesli it was just a simple type modification
Happy to get your feedback on whether require-trusted-types-for has the right type definition. Not clear to me if the spec says that only 'script' is valid, any word, or any combination of words...

[Baroshem]

Thanks @vejja 💚

@dargmuesli I have changed the base branch of the linked PR to 2.1.0 as I would like to plan it for the upcoming new release. Let us know if the code developed by Sebastien is what you wanted :)