Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reevaluate stronger CSP for extension; remove unsafe-eval #1823

Closed
brendankenny opened this issue Mar 6, 2017 · 3 comments
Closed

Reevaluate stronger CSP for extension; remove unsafe-eval #1823

brendankenny opened this issue Mar 6, 2017 · 3 comments
Labels
extension good first issue P3

Comments

@brendankenny
Copy link
Member

With the move to precompiled templates in #1752, we should be able to enable stronger CSP protection for the extension. At the least we can hopefully now remove unsafe-eval, but it would be nice to do a quick audit while in there to see what other protections we could enable/more strictly enforce.
@swagasoft
Copy link

Hey, I will like to take care of this, can you give me a hint on how to go about this?

@connorjclark
Copy link
Collaborator

The extension has since been simplified, and we use the default extension CSP which is strong.

@brendankenny
Copy link
Member Author

Yep, sorry @swagasoft! We should have closed this when the custom CSP was removed in #10380

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
extension good first issue P3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@brendankenny @patrickhulce @connorjclark @swagasoft