This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Apply changes to "Remove CSP referrer directive"
darkdh committed Feb 5, 2017
1 parent c320129 commit 8294031
Showing 2 changed files with 4 additions and 2 deletions.
3 changes: 2 additions & 1 deletion app/extensions/brave/index-dev.html
Expand Up @@ -7,7 +7,8 @@
<!-- TODO: Don't allow img-src *, needed for favicons -->
<!-- TODO: Refactor away all unsafe-inline content -->
<!-- TODO: Replace suggestqueries.google.com and ac.duckduckgo.com and other search engines with a single config search engine -->
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; form-action http://localhost:*; referrer no-referrer; script-src 'self' http://localhost:*; connect-src 'self' https://s3.amazonaws.com/adblock-data/ https://s3.amazonaws.com/safe-browsing-data/ https://s3.amazonaws.com/tracking-protection-data/ https://s3.amazonaws.com/https-everywhere-data/ http://localhost:* ws://localhost:* https://suggestqueries.google.com https://ac.duckduckgo.com https://completion.amazon.com https://search.yahoo.com https://api.bing.com https://www.startpage.com https://infogalactic.com https://api.qwant.com https://brave-download.global.ssl.fastly.net https://brave-laptop-updates.global.ssl.fastly.net https://brave-download.global.ssl.fastly.net https://laptop-updates-pre.brave.com https://brave-laptop-updates-pre.brave.com; style-src 'unsafe-inline'; font-src 'self' http://localhost:*; img-src 'self' * data: file:; object-src 'self'; plugin-types application/browser-plugin">
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; form-action http://localhost:*; script-src 'self' http://localhost:*; connect-src 'self' https://s3.amazonaws.com/adblock-data/ https://s3.amazonaws.com/safe-browsing-data/ https://s3.amazonaws.com/tracking-protection-data/ https://s3.amazonaws.com/https-everywhere-data/ http://localhost:* ws://localhost:* https://suggestqueries.google.com https://ac.duckduckgo.com https://completion.amazon.com https://search.yahoo.com https://api.bing.com https://www.startpage.com https://infogalactic.com https://api.qwant.com https://brave-download.global.ssl.fastly.net https://brave-laptop-updates.global.ssl.fastly.net https://brave-download.global.ssl.fastly.net https://laptop-updates-pre.brave.com https://brave-laptop-updates-pre.brave.com; style-src 'unsafe-inline'; font-src 'self' http://localhost:*; img-src 'self' * data: file:; object-src 'self'; plugin-types application/browser-plugin">
<meta name="referrer" content="no-referrer">
<title>Brave</title>
<script src="ext/l20n.min.js"></script>
<script src="gen/app.entry.js" async></script>
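Review bot: The rewritten Content-Security-Policy line in index-dev.html still lists `https://brave-download.global.ssl.fastly.net` twice in `connect-src`; since the line is being replaced anyway, drop the second occurrence so the dev and production source lists are easier to compare. With `referrer no-referrer` gone from the CSP content, the only thing setting the policy is the new `<meta name="referrer" content="no-referrer">`, so a short comment next to the existing TODOs saying the referrer policy now lives in that tag would keep it from being deleted as redundant or re-added to the CSP later.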
3 changes: 2 additions & 1 deletion app/extensions/brave/index.html
Expand Up @@ -7,7 +7,8 @@
<!-- TODO: Don't allow img-src *, needed for favicons -->
<!-- TODO: Refactor away all unsafe-inline content -->
<!-- TODO: Replace suggestqueries.google.com and ac.duckduckgo.com and other search engines with a single config search engine -->
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; form-action http://localhost:*; referrer no-referrer; script-src 'self'; img-src * data: file:; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' https://s3.amazonaws.com/adblock-data/ https://s3.amazonaws.com/safe-browsing-data/ https://s3.amazonaws.com/tracking-protection-data/ https://s3.amazonaws.com/https-everywhere-data/ https://suggestqueries.google.com https://ac.duckduckgo.com https://completion.amazon.com https://search.yahoo.com https://api.bing.com https://www.startpage.com https://infogalactic.com https://api.qwant.com https://brave-download.global.ssl.fastly.net https://brave-laptop-updates.global.ssl.fastly.net https://laptop-updates-pre.brave.com https://brave-laptop-updates-pre.brave.com; object-src 'self'; plugin-types application/browser-plugin"/>
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; form-action http://localhost:*; script-src 'self'; img-src * data: file:; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' https://s3.amazonaws.com/adblock-data/ https://s3.amazonaws.com/safe-browsing-data/ https://s3.amazonaws.com/tracking-protection-data/ https://s3.amazonaws.com/https-everywhere-data/ https://suggestqueries.google.com https://ac.duckduckgo.com https://completion.amazon.com https://search.yahoo.com https://api.bing.com https://www.startpage.com https://infogalactic.com https://api.qwant.com https://brave-download.global.ssl.fastly.net https://brave-laptop-updates.global.ssl.fastly.net https://laptop-updates-pre.brave.com https://brave-laptop-updates-pre.brave.com; object-src 'self'; plugin-types application/browser-plugin"/>
<meta name="referrer" content="no-referrer">
<title>Brave</title>
<script src="ext/l20n.min.js"></script>
<script src="gen/app.entry.js" async></script>
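Review bot: The added `<meta name="referrer" content="no-referrer">` in index.html is not self-closed, while the Content-Security-Policy meta directly above it ends in `"/>`; close it the same way (`<meta name="referrer" content="no-referrer"/>`) to match the file. Separately, the production policy on the rewritten line keeps `form-action http://localhost:*` although its other directives do not allow localhost (`script-src 'self'`, `font-src 'self'`); worth confirming that is intended rather than carried over from index-dev.html.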

1 comment on commit 8294031

@diracdeltas
Member


++
