feat: add `enforceAnonymousCrossOrigin` option
Closed this issue · 1 comments
castarco commented
To enhance security, it is a good idea to enforce that cross-origin scripts are loaded with "anonymous" credentials (setting the crossorigin="anonymous"
attribute).
Progress Tracking
-
AddenforceAnonymousCrossOrigin
option to integration config options, with its corresponding behaviour (should be marked astrue
by default!).- Note: In the end I didn't add an option, but enabled it by default. Disabling it should be done on case by case basis, through the exceptions scape hatch.
- Make it possible to specify exceptions to the rule
castarco commented
The small added value won't compensate for the extra complexity