From 82f1882dcff3d1537f7c43621f269871a95ea0e6 Mon Sep 17 00:00:00 2001
From: Aaron Shim <aaronshim@google.com>
Date: Mon, 21 Oct 2024 19:08:23 +0000
Subject: [PATCH] More descriptive options descriptions in angular.json

---
 packages/angular/build/src/builders/application/schema.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/angular/build/src/builders/application/schema.json b/packages/angular/build/src/builders/application/schema.json
index d0a644863e84..d47875c6527e 100644
--- a/packages/angular/build/src/builders/application/schema.json
+++ b/packages/angular/build/src/builders/application/schema.json
@@ -43,7 +43,7 @@
       "additionalProperties": false,
       "properties": {
         "autoCsp": {
-          "description": "Enables auto-CSP generation. Will default to true once we are out of experimental/preview phases.",
+          "description": "Enables automatic generation of a hash-based Strict Content Security Policy (https://web.dev/articles/strict-csp#choose-hash) based on scripts in index.html. Will default to true once we are out of experimental/preview phases.",
           "default": false,
           "oneOf": [
             {
@@ -51,7 +51,7 @@
               "properties": {
                 "unsafeEval": {
                   "type": "boolean",
-                  "description": "Include the `unsafe-eval` directive in the auto-CSP. Please only enable this if you are absolutely sure that you need to, as allowing calls to eval will weaken the XSS defenses provided by the auto-CSP.",
+                  "description": "Include the `unsafe-eval` directive (https://web.dev/articles/strict-csp#remove-eval) in the auto-CSP. Please only enable this if you are absolutely sure that you need to, as allowing calls to eval will weaken the XSS defenses provided by the auto-CSP.",
                   "default": false
                 }
               },