docs: fix stale Permissions-Policy and CSP scoring criteria in README #90

Open: dmchaledev wants to merge 1 commit into main from claude/nice-mendel-lib6c4
@dmchaledev

Summary

  • The "Headers Checked" table in the README said Permissions-Policy is scored on mere presence, but checkPermissionsPolicy (src/rules.ts) actually requires camera=(), microphone=(), and geolocation=() to be restricted for full credit — presence alone only earns half the points.
  • The CSP row didn't mention the base-uri check or the bare-scheme/wildcard-source check (https:, *, etc.) that checkCSP performs, both of which affect the score.

Since this package's main value proposition is helping users reach a good grade, inaccurate scoring documentation is actively misleading — a reader could add a bare Permissions-Policy header expecting full marks and still land a "warning" status.

Changes

  • Updated the Permissions-Policy row to reflect the camera/microphone/geolocation requirement.
  • Updated the CSP row to mention the wildcard/bare-scheme and base-uri checks.

No code changes — docs only.

Test plan

  • npx vitest run — 85 tests pass (unaffected, docs-only change)
  • npm run typecheck — passes
  • Manually diffed each README table row against the corresponding logic in src/rules.ts to confirm accuracy

🤖 Generated with Claude Code

https://claude.ai/code/session_01Tzhr2b5BycnZ2yf98aiLZe


The "Headers Checked" table said Permissions-Policy scores on mere
presence and didn't mention CSP's base-uri/bare-scheme checks, but
rules.ts requires camera/microphone/geolocation to be restricted for
full credit and separately checks base-uri and bare-scheme sources.
Update the table to match the actual scoring logic so users aren't
misled about how to reach a good grade.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Tzhr2b5BycnZ2yf98aiLZe
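
The scoring rules this pull request documents, sketched as an added example that is not part of the pull request and is not the project's `src/rules.ts`. The function names, the `fail` status for a missing header, and the exact list of bare schemes are assumptions; only the `camera`/`microphone`/`geolocation` requirement, the "warning" outcome for a bare header, and the wildcard, bare-scheme and `base-uri` checks come from the description above.

```typescript
// Added example with hypothetical names; not the project's own implementation.
type Status = "pass" | "warning" | "fail";

// Parse `camera=(), geolocation=(self)` into { camera: "()", geolocation: "(self)" }.
function parsePermissionsPolicy(value: string): Record<string, string> {
  const out: Record<string, string> = {};
  for (const part of value.split(",")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue; // skip malformed directives
    out[part.slice(0, eq).trim().toLowerCase()] = part.slice(eq + 1).trim();
  }
  return out;
}

// Presence alone is only a warning; full credit needs an empty allowlist
// for all three sensitive features. "fail" for a missing header is assumed.
function gradePermissionsPolicy(value: string | undefined): Status {
  if (value === undefined || value.trim() === "") return "fail";
  const policy = parsePermissionsPolicy(value);
  const required = ["camera", "microphone", "geolocation"];
  return required.every((f) => policy[f] === "()") ? "pass" : "warning";
}

// Report wildcard or bare-scheme sources and a missing base-uri directive.
function cspFindings(value: string): string[] {
  const findings: string[] = [];
  let hasBaseUri = false;
  for (const directive of value.split(";")) {
    const tokens = directive.trim().split(/\s+/).filter((t) => t !== "");
    if (tokens.length === 0) continue;
    const name = (tokens[0] || "").toLowerCase();
    if (name === "base-uri") hasBaseUri = true;
    for (const src of tokens.slice(1)) {
      // "*" matches any host; "https:" alone matches every HTTPS origin.
      // The scheme list here is an assumption for this sketch.
      if (src === "*" || /^(https?|wss?):$/i.test(src)) {
        findings.push(name + " allows " + src);
      }
    }
  }
  if (!hasBaseUri) findings.push("base-uri missing");
  return findings;
}
```

A header such as `Permissions-Policy: fullscreen=(self)` grades as `warning` here, which is the case the description says the old README row hid from readers.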