authortoasted-nutbread <toasted-nutbread@users.noreply.github.com>2020-12-13 13:56:45 -0500
committerGitHub <noreply@github.com>2020-12-13 13:56:45 -0500
commit05e213674c794d55a05acc61cb24ed9642ccc1db (patch)
treecf245004fb2f47da6d2720bd470880b3c9eed713
parentdabe5fa8994de1f93acd41a29bd168f485a98e29 (diff)
Update content-security-policy to be more explicit (#1109)
-rw-r--r--dev/data/manifest-variants.json6
-rw-r--r--ext/manifest.json4
2 files changed, 5 insertions, 5 deletions
diff --git a/dev/data/manifest-variants.json b/dev/data/manifest-variants.json
index 486e78c0..3f65d86f 100644
--- a/dev/data/manifest-variants.json
+++ b/dev/data/manifest-variants.json
@@ -71,7 +71,7 @@
"pages": [
"bg/template-renderer.html"
],
- "content_security_policy": "sandbox allow-scripts; script-src 'self' 'unsafe-eval'; object-src 'self'"
+ "content_security_policy": "sandbox allow-scripts; default-src 'self'; script-src 'self' 'unsafe-eval'"
},
"permissions": [
"<all_urls>",
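Review bot: The sandboxed renderer is the one page that is granted `'unsafe-eval'`, so the new `default-src 'self'` fallback on the added line is looser than it needs to be for the page most exposed to evaluated template text. If bg/template-renderer.html loads nothing but its own scripts (its contents are not visible in this hunk), `"sandbox allow-scripts; default-src 'none'; script-src 'self' 'unsafe-eval'"` would deny fetches, images and frames from that page by default. The same line is added in ext/manifest.json (hunk at -70,7) and the same point applies there.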
@@ -103,7 +103,7 @@
"fg/float.html",
"bg/template-renderer.html"
],
- "content_security_policy": "script-src 'self'; object-src 'self'"
+ "content_security_policy": "default-src 'self'; style-src 'self' 'unsafe-inline'; media-src *; connect-src *"
},
"variants": [
{
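Review bot: `default-src 'self'` is not a fallback for `base-uri` or `form-action`, so the added policy leaves both unrestricted even though the commit aims to be explicit; appending `base-uri 'none'; form-action 'none'` would cover them, assuming no extension page relies on a `<base>` element or form submission. The `*` on `media-src` and `connect-src` lets every extension page load media from, and send requests to, any host. If the endpoints are user-configured that may be necessary, but JSON cannot carry a comment, so the reason belongs in the commit description. The same line is added in ext/manifest.json (hunk at -102,5).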
@@ -146,7 +146,7 @@
{
"action": "set",
"path": ["content_security_policy"],
- "value": "script-src 'self' 'unsafe-eval'; object-src 'self'"
+ "value": "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src *"
},
{
"action": "set",
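Review bot: This variant value keeps `'unsafe-eval'` in what appears to be the top-level policy for the regular extension pages, not only the sandboxed renderer, and the new line pairs it with `connect-src *`. Which variant this modification belongs to is outside the hunk. If that build is distributed to users, it is worth confirming that eval is still required outside bg/template-renderer.html; if it is not, the value can drop the `script-src` directive and match the base policy, `"default-src 'self'; style-src 'self' 'unsafe-inline'; media-src *; connect-src *"`.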
diff --git a/ext/manifest.json b/ext/manifest.json
index 89af7011..3695c053 100644
--- a/ext/manifest.json
+++ b/ext/manifest.json
@@ -70,7 +70,7 @@
"pages": [
"bg/template-renderer.html"
],
- "content_security_policy": "sandbox allow-scripts; script-src 'self' 'unsafe-eval'; object-src 'self'"
+ "content_security_policy": "sandbox allow-scripts; default-src 'self'; script-src 'self' 'unsafe-eval'"
},
"permissions": [
"<all_urls>",
@@ -102,5 +102,5 @@
"fg/float.html",
"bg/template-renderer.html"
],
- "content_security_policy": "script-src 'self'; object-src 'self'"
+ "content_security_policy": "default-src 'self'; style-src 'self' 'unsafe-inline'; media-src *; connect-src *"
}