26199620340
85%
master: 85%

Ran 21 May 2026 01:19AM UTC

Jobs 1

Files 25

Run time 1min

Badge

Embed ▾

Committed 21 May 2026 12:49AM UTC coverage: 85.425% (+0.03%) from 85.395%

Build # 26199620340

Build Type

Pull #291

github

Committed by

paskal

Commit Message

docs(auth): fix misleading withSecurityHeaders CONSUMER NOTE

Per Copilot review on PR #290 (post-merge), the previous note suggested custom
HTML handlers could fix CSP blocking by "moving scripts/styles to external files
served from 'self'". That's wrong: the wrapper applies default-src 'none', so
even self-hosted scripts/styles/forms are blocked, and sandbox additionally
disables script execution and form submission outright.

The only viable path for an HTML custom handler is option (a): override the CSP
on its own response. The note now spells out what the wrapper actually does and
gives a concrete example of a relaxed CSP for a form-based custom provider.

Docstring-only change in both v1 (auth.go) and v2 (v2/auth.go). No behavior change.

Pull Request Pull Request #291: docs(auth): fix misleading withSecurityHeaders CONSUMER NOTE

Coverage Stats

3042 of 3561 relevant lines covered (85.43%)

8.31 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	26199620340.1	21 May 2026 01:19AM UTC	25	85.43	GitHub Action Run

go-pkgz / auth / 26199620340
85%
master: 85%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 26199620340

go-pkgz / auth / 26199620340 85% master: 85%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 26199620340

go-pkgz / auth / 26199620340
85%
master: 85%

README BADGES
x