oschaaf commented on issue #1758: ModPagespeedHonorCsp ignores that unsafe-eval 
is not an allowed script source
   Another thought -- would it make sense to make header reading more 
configurable per header-type? e.g.:
   ModPagespeedReadResponseHeaderPhase HeaderName Phase [optional 
   Where `Phase` would be one of `default` or `final`. Not sure I like the
   proposed option name and phase names here, but I wonder what the thoughts
   are about the general idea of delegating responsibility to configuration 
   (Internally, we could still consider defaulting the phase to `final` for 
`Content-Security-Policy` when 
   respecting it is enabled, and no explicit directives are set).
   Implementing the new phase for header capturing (`final`) would be pretty 
generic and require a similar
   hook in all ports, I think, though I feel some more thought may be needed to 
get consistent behavior across html and resource responses when doing this.

This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

With regards,
Apache Git Services

Reply via email to