Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Content-Security-Policy: better error when value should be quoted #485

Merged

Conversation

EvanHahn
Copy link
Member

It's easy to forget to quote directive value entries like 'self' and 'none'. Someone recently ran into this and was confused by the error message.

This makes the error message clearer by telling you that something needs to be quoted.

-...invalid directive value for "img-src"
+...invalid directive value for "img-src". "self" should be quoted

It's easy to forget to quote directive value entries like `'self'` and
`'none'`. Someone [recently ran into this][0] and was confused by the
error message.

This makes the error message clearer by telling you that something needs
to be quoted.

```diff
-...invalid directive value for "img-src"
+...invalid directive value for "img-src". "self" should be quoted
```

[0]: #482
@EvanHahn EvanHahn self-assigned this Mar 17, 2025
@EvanHahn EvanHahn merged commit 52dd8eb into main Mar 17, 2025
5 checks passed
@EvanHahn EvanHahn deleted the better-csp-error-for-unquoted-directive-value-entries branch March 17, 2025 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

1 participant