the jShelter extension currently does not override the default extension CSP of "content_security_policy": "default-src 'self'"
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy
The tool seespee might be useful to generate a CSP for what we currently use. https://github.com/papandreou/seespee
Metadata Update from @polcak: - Issue set to the milestone: NLNet evaluation
Fixed in e7418a5.
Metadata Update from @polcak: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.