Support `unsafe-none` in `helmet.crossOriginEmbedderPolicy`?
mxxk opened this issue Β· comments
@EvanHahn thanks for your continued work on this package. π
I noticed that although unsafe-none
is a valid value for Cross-Origin-Opener-Policy
and Cross-Origin-Embedder-Policy
, and it is supported by helmet
COOP,
helmet/middlewares/cross-origin-opener-policy/index.ts
Lines 3 to 11 in 3123831
but it is not supported by helmet
COEP:
helmet/middlewares/cross-origin-embedder-policy/index.ts
Lines 3 to 7 in 3123831
I was wondering if this seems right to you, and if not, I'm happy to submit a PR! I don't believe this would be a breaking change.
You're right. COEP should support "unsafe-none". Feel free to open a pull request!