Tighten up CSP

Should be all we need, modulo staging/prod.
2014-10-28 13:34:15 -07:00 · 2014-10-28 13:34:15 -07:00 · c4ae7a21d8
commit c4ae7a21d8
parent 24768712e0
1 changed files with 3 additions and 2 deletions
--- a/manifest.json
+++ b/manifest.json
@ -25,6 +25,7 @@

    "options_page": "options.html",

-    // XXX: FOR TESTING ONLY, REMOVE BEFORE RELEASE:
-    "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
+  "content_security_policy":
+    "default-src 'self'; img-src 'self' data:; connect-src https://textsecure-service-staging.whispersystems.org wss://textsecure-service-staging.whispersystems.org https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com"
+
 }