-
Notifications
You must be signed in to change notification settings - Fork 22.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix inaccuracies in extension CSP documentation #20437
Conversation
Preview URLs
External URLsURL:
URL:
(this comment was updated 2022-09-10 23:51:13.292728) |
2370f26
to
895f797
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few nits, not all related to your changes, suggested changes
files/en-us/mozilla/add-ons/webextensions/content_security_policy/index.md
Outdated
Show resolved
Hide resolved
files/en-us/mozilla/add-ons/webextensions/content_security_policy/index.md
Outdated
Show resolved
Hide resolved
- Document content script CSP ( bugzil.la/1581611 ). - Clarify what CSP covers (not just `<script>`). - Clarify role of object-src ( bugzil.la/1766881 , crbug.com/1320785 ). - Clarify what is considered a secure source for MV2 and MV3. - Remove localhost ( bugzil.la/1789751 ). - Remove "valid" examples that are actually not valid MV3 examples. - Add formatting to style invalid examples as "example-bad".
80f8518
to
6aa2b81
Compare
@Rob--W are you happy if I merge or do you want to review from @mixedpuppy too? |
- Document content script CSP ( bugzil.la/1581611 ). - Clarify what CSP covers (not just `<script>`). - Clarify role of object-src ( bugzil.la/1766881 , crbug.com/1320785 ). - Clarify what is considered a secure source for MV2 and MV3. - Remove localhost ( bugzil.la/1789751 ). - Remove "valid" examples that are actually not valid MV3 examples. - Add formatting to style invalid examples as "example-bad".
<script>
).object-src
from the CSP (at least in MV3) w3c/webextensions#204