IssueHuntsindresorhus/refined-github
Do you want to work on this issue?
You can request for a bounty in order to promote it!
Add content security policy to extension #4372
fregante posted onGitHub
I think we should specify a CSP in the manifest. Documentation:
- https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy
- https://developer.chrome.com/docs/apps/contentSecurityPolicy/
Investigation is needed to determine:
- what's the best/tightest CSP we can use in an extension
- whether it's useful in the first place and, more importantly
- whether this is compatible with enabling this on custom domains (to support GHE)