From 6d118e9fb07258fc4dec8a8979c500c34291a966 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 17 Apr 2019 00:24:21 +0000 Subject: [PATCH] Updated 4.1 Extensions (markdown) --- 4.1-Extensions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/4.1-Extensions.md b/4.1-Extensions.md index edbc551..bddb3df 100644 --- a/4.1-Extensions.md +++ b/4.1-Extensions.md @@ -4,7 +4,7 @@ Also, see [this sticky issue](https://github.com/ghacksuserjs/ghacks-user.js/iss If you would like to submit a privacy or security related extension to be added to this list, please post the details [here](https://github.com/ghacksuserjs/ghacks-user.js/issues/655) for consideration, thanks. -:exclamation: **CSP**: When multiple extensions use CSP injection to modify headers, **only one wins** and predicting the winner is like [rolling a dice](https://github.com/ghacksuserjs/ghacks-user.js/issues/265#issuecomment-393935989). Also see [#497](https://github.com/ghacksuserjs/ghacks-user.js/issues/497) and bugzilla [1421725](https://bugzilla.mozilla.org/show_bug.cgi?id=1421725) and [1477696](https://bugzilla.mozilla.org/show_bug.cgi?id=1477696). **Some** CSP items to be aware of are highlighted below. +:exclamation: **CSP**: When multiple extensions use CSP injection to modify headers, **only one wins** and predicting the winner is like [rolling a dice](https://github.com/ghacksuserjs/ghacks-user.js/issues/265#issuecomment-393935989). See [#664](https://github.com/ghacksuserjs/ghacks-user.js/issues/497) and bugzillas [1421725](https://bugzilla.mozilla.org/show_bug.cgi?id=1421725), [1477696](https://bugzilla.mozilla.org/show_bug.cgi?id=1477696) and [1462989](https://bugzilla.mozilla.org/show_bug.cgi?id=1462989). **Some** CSP items to be aware of are highlighted below. ### :small_orange_diamond: Extensions These are all, where applicable, best configured to `deny-all` and whitelist.