Remove lax CSP/eval from production builds

2026-06-10 09:39:58 +00:00 · 2019-02-10 11:04:52 +00:00
parent 5c62f40dd2
commit 53a16ccde7
4 changed files with 31 additions and 26 deletions
--- a/ext/src/manifest.json
+++ b/ext/src/manifest.json
@@ -3,13 +3,12 @@
  , "description": "__MSG_extensionDescription__"
  , "version": "EXTENSION_VERSION"

-  , "applications": {
+  , "browser_specific_settings": {
        "gecko": {
            "id": "EXTENSION_ID"
          , "strict_min_version": "64.0"
        }
    }
-
  , "browser_action": {
        "default_popup": "popup/index.html"
    }
@@ -24,15 +23,13 @@
          , "run_at": "document_start"
        }
    ]
-
-  , "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
+  , "content_security_policy": "CONTENT_SECURITY_POLICY"
  , "default_locale": "en"
  , "manifest_version": 2

  , "options_ui": {
        "page": "options/index.html"
    }
-
  , "permissions": [
        "menus"
      , "nativeMessaging"
@@ -42,7 +39,6 @@
      , "webRequestBlocking"
      , "<all_urls>"
    ]
-
  , "web_accessible_resources": [
        "shim/bundle.js"
      , "vendor/webcomponents-lite.min.js"
--- a/ext/src/shim/cast/index.js
+++ b/ext/src/shim/cast/index.js
@@ -278,6 +278,7 @@ onMessage(message => {
                state.sessionRequestInProgress = false;
                sessionErrorCallback(new Error_(ErrorCode.CANCEL));
            }
+
            break;
        }
    }