https://leapgraph.com/graphql-api-security

This article mentions several add-on packages that Reaction may want to use. This issue is simply to investigate whether these vulnerabilities are present and try adding the packages to solve them.

rc51.
using a reverse proxy, I serve directus from apps.my.tld/app/directus/ and thus set the PUBLIC_URL to /app/directus/. This works for all the statics and requests, but the requests to the extensions don't work:
https://apps.my.tld/extensions/interfaces/
https://apps.my.tld/extensions/displays/
https://apps.my.tld/extensions/layouts/
https://apps.my.tld/extensions/modules/

What is the motivation for adding / enhancing this feature?

Write Unit tests for HTTP2 Server Push Module (you can find it on develop branch)

What are the acceptance criteria

• Unit tests for

Expose an api or a config to bypass csp headers for a page.

CDP api reference: https://chromedevtools.github.io/devtools-protocol/tot/Page/#method-setBypassCSP

when browsing, i should be able to perf-check right from the browser and results should be siphoned back to the extension.

各位好，

• 非常开心大家对于crawlergo的认可，但目前由于本人工作原因，可能无法及时的去挨个实现大家的需求，我会利用空余时间去实现比较有价值的特性和一些比较严重的BUG，更新速度可能是以月为单位，还请各位见谅。
• 有一些常见问题之前的issue已经提到并解决，大家在提新的issue时，请先看看closed
  的issue，说不定能找到解决办法。

@9ian1i