I am using latest version on master
I added this in my config.exs
```elixir
config :secure_headers, SecureHeaders,
  config: [
    content_security_policy: "require-sri-for script;",
    http_public_key_pins: "",
    strict_transport_security: "max-age=631138519",
    x_content_type_options: "nosniff",
    x_download_options: "noopen",
    x_frame_options: "sameorigin",
    x_permitted_cross_domain_policies: "none",
    x_xss_protection: "1; mode=block"
  ]
```
I added the application to be started in mix.exs (even though I believe it's not necessary anymore with the latest versions of elixir)
I added the plug in the router
Just leaving the default configuration, the headers are not set properly
If I set it explicitly in the router with (for example)

```elixir
plug(SecureHeaders, secure_headers: [config: [content_security_policy: "require-sri-for script;"]])
```

I get the following message in the console

```
The Content-Security-Policy directive 'require-sri-for' is implemented behind a flag which is currently disabled.
```

Any pointers on how to make this work?
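One way to see which of the configured headers actually reach the response, as an added example that is not part of the original report or of the secure_headers project: a diagnostic plug that inspects the response just before it is sent. The module name `HeaderAudit` is hypothetical, and the header names are assumed to be the standard HTTP names corresponding to the config keys above.

```elixir
defmodule HeaderAudit do
  @moduledoc "Hypothetical diagnostic plug; not part of secure_headers."
  @behaviour Plug
  import Plug.Conn
  require Logger

  # Assumed response header names for the config keys shown in the report.
  # http_public_key_pins is left out because it is configured as "".
  @expected ~w(
    content-security-policy
    strict-transport-security
    x-content-type-options
    x-download-options
    x-frame-options
    x-permitted-cross-domain-policies
    x-xss-protection
  )

  @impl true
  def init(opts), do: Keyword.get(opts, :expected, @expected)

  @impl true
  def call(conn, expected) do
    # The callback runs just before the response is sent, so it sees the
    # headers set by every plug in the pipeline, whatever their order.
    register_before_send(conn, fn conn ->
      case missing(conn, expected) do
        [] ->
          :ok

        names ->
          Logger.warning(
            "missing security headers on #{conn.request_path}: " <> Enum.join(names, ", ")
          )
      end

      conn
    end)
  end

  @doc "Expected header names that are absent or empty on the response."
  def missing(conn, expected \\ @expected) do
    Enum.filter(expected, fn name ->
      conn |> get_resp_header(name) |> Enum.all?(&(&1 == ""))
    end)
  end
end
```

Place `plug(HeaderAudit)` before `plug(SecureHeaders)` in the router: before-send callbacks run in reverse order of registration, so the audit then runs last and sees the final header set.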