Update content-security-policy to be more explicit (#1109)

This commit is contained in:
toasted-nutbread 2020-12-13 13:56:45 -05:00 committed by GitHub
parent dabe5fa899
commit 05e213674c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 5 deletions

View File

@ -71,7 +71,7 @@
"pages": [
"bg/template-renderer.html"
],
"content_security_policy": "sandbox allow-scripts; script-src 'self' 'unsafe-eval'; object-src 'self'"
"content_security_policy": "sandbox allow-scripts; default-src 'self'; script-src 'self' 'unsafe-eval'"
},
"permissions": [
"<all_urls>",
@ -103,7 +103,7 @@
"fg/float.html",
"bg/template-renderer.html"
],
"content_security_policy": "script-src 'self'; object-src 'self'"
"content_security_policy": "default-src 'self'; style-src 'self' 'unsafe-inline'; media-src *; connect-src *"
},
"variants": [
{
@ -146,7 +146,7 @@
{
"action": "set",
"path": ["content_security_policy"],
"value": "script-src 'self' 'unsafe-eval'; object-src 'self'"
"value": "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src *"
},
{
"action": "set",

View File

@ -70,7 +70,7 @@
"pages": [
"bg/template-renderer.html"
],
"content_security_policy": "sandbox allow-scripts; script-src 'self' 'unsafe-eval'; object-src 'self'"
"content_security_policy": "sandbox allow-scripts; default-src 'self'; script-src 'self' 'unsafe-eval'"
},
"permissions": [
"<all_urls>",
@ -102,5 +102,5 @@
"fg/float.html",
"bg/template-renderer.html"
],
"content_security_policy": "script-src 'self'; object-src 'self'"
"content_security_policy": "default-src 'self'; style-src 'self' 'unsafe-inline'; media-src *; connect-src *"
}