From c4ae7a21d8f5503b28a07d82d3b7bd8730180191 Mon Sep 17 00:00:00 2001
From: lilia <liliakai@gmail.com>
Date: Tue, 28 Oct 2014 13:34:15 -0700
Subject: [PATCH] Tighten up CSP

Should be all we need, modulo staging/prod.
---
 manifest.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/manifest.json b/manifest.json
index 1dc8c7085..de3aa79b4 100644
--- a/manifest.json
+++ b/manifest.json
@@ -25,6 +25,7 @@
 
     "options_page": "options.html",
 
-    // XXX: FOR TESTING ONLY, REMOVE BEFORE RELEASE:
-    "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
+  "content_security_policy":
+    "default-src 'self'; img-src 'self' data:; connect-src https://textsecure-service-staging.whispersystems.org wss://textsecure-service-staging.whispersystems.org https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com"
+
 }