-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support clearing/unsetting directives via decorator #201
Comments
This allows a directive to be cleared / unset entirely for a particular view. Closes mozilla#201
I see that In other words, we could add a new decorator, or use an existing decorator for the same purpose. I'd be curious of which seems clearer. |
Alternatively, we could define a sentinel |
If we like the idea of reusing the decorators we have, I like the sentinel idea. It makes it a bit more clear and intentional. |
I'm not sure if you're asking me Rob, but I like the approach of a sentinel with |
I'm looking at this again now that the big refactor is merged. By the way, I was wrong in my comment above, this worked before my refactor, it was just confusing with the In the PR you shared a test that has both a Given that |
We have a case where the middleware was applying a policy via
Since |
I'm good with closing this issue too as a "Won't fix for now". If there are others out there that could benefit from it, they can upvote it. It may not be worth adding to your maintenance workload. |
Our application is served within an iframe. All but the initial authentication views need to have a
frame-ancestors
keyed to the tenants domain. We use a separate middleware to interact with the_csp_update
API. To poke a hole for these authentication views, I've created acsp_clear
decorator that clears theframe_ancestors
directive.I'm unsure if this has utility outside of our particular need. I'll be posting the PR shortly for you to review and decide if it's helpful or not.
The text was updated successfully, but these errors were encountered: