-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathmanifest.yml
22 lines (22 loc) · 1.38 KB
/
manifest.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
name: netlify-build-plugin-csp-nonce
inputs:
- name: reportOnly
description: When true, uses the Content-Security-Policy-Report-Only header instead of the Content-Security-Policy header.
default: true
- name: reportUri
description: The relative or absolute URL to report any violations. If not defined, violations are reported to the __csp-violations function, which this plugin deploys.
- name: unsafeEval
description: When true, adds 'unsafe-eval' to CSP for easier adoption. Set to false to have a safer policy if your code and code dependencies does not use eval().
default: true
- name: path
description: The glob expressions of path(s) that should invoke the CSP nonce edge function. Can be a string or array of strings.
default: "/*"
- name: excludedPath
description: The glob expressions of path(s) that *should not* invoke the CSP nonce edge function. Must be an array of strings. This value gets spread with common non-html filetype extensions (*.css, *.js, *.svg, etc)
default: []
- name: unsafeInline
description: When true, allows the execution of inline scripts, such as those defined within <script> tags or through onclick attributes.
default: true
- name: self
description: When true, restricts the execution of scripts to those that originate from the same origin (protocol, domain, and port) as the document.
default: true