github/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

typedef: add localCSP to OpenOptions

Browse Source
This commit is contained in:
CanadaHonk 2023-02-07 23:27:49 +00:00
parent 5990a58bb4
commit d246db5d05
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
gluon.d.ts vendored
View File

@ -526,8 +526,17 @@ type OpenOptions = {
* - `false`: **No** redirects are allowed. * - `false`: **No** redirects are allowed.
* - `same-origin`: Redirects are **allowed if the redirect URL is the same origin** (as the URL given to `open()`). * - `same-origin`: Redirects are **allowed if the redirect URL is the same origin** (as the URL given to `open()`).
* - `true`: **All** redirects are allowed. **Not recommended.** * - `true`: **All** redirects are allowed. **Not recommended.**
* @default 'same-origin'
*/ */
allowRedirects?: false | 'same-origin' | true allowRedirects?: false | 'same-origin' | true,
/**
* Set the Content Security Policy when using Local (giving open() a path).
* Defaults to allowing almost everything remote except dangerous parts like JS or frames (see detailed default value).
* Set to blank (`''`) to use no CSP, or provide your own to use (as a string).
* @default "upgrade-insecure-requests; default-src 'self' 'unsafe-inline'; connect-src https: data: blob: 'unsafe-inline'; prefetch-src https: data: blob: 'unsafe-inline'; font-src https: data: blob: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline'; media-src https: data: blob: 'unsafe-inline'; style-src https: data: blob: 'unsafe-inline'; form-action https: data: blob: 'unsafe-inline'"
*/
localCSP?: string
}; };
/** /**