From 8471bfe5f1808583456903c2caa9bbf4924431d9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 13 Mar 2019 17:59:44 +0000 Subject: [PATCH] Updated 4.1 Extensions (markdown) --- 4.1-Extensions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/4.1-Extensions.md b/4.1-Extensions.md index 4db8b66..edbc551 100644 --- a/4.1-Extensions.md +++ b/4.1-Extensions.md @@ -4,7 +4,7 @@ Also, see [this sticky issue](https://github.com/ghacksuserjs/ghacks-user.js/iss If you would like to submit a privacy or security related extension to be added to this list, please post the details [here](https://github.com/ghacksuserjs/ghacks-user.js/issues/655) for consideration, thanks. -:exclamation: **CSP**: When multiple extensions use CSP injection to modify headers, **only one wins** and predicting the winner is like [rolling a dice](https://github.com/ghacksuserjs/ghacks-user.js/issues/265#issuecomment-393935989). Also see [#497](https://github.com/ghacksuserjs/ghacks-user.js/issues/497) and [1421725](https://bugzilla.mozilla.org/show_bug.cgi?id=1421725) (one of many bugzillas). **Some** CSP items to be aware of are highlighted below. +:exclamation: **CSP**: When multiple extensions use CSP injection to modify headers, **only one wins** and predicting the winner is like [rolling a dice](https://github.com/ghacksuserjs/ghacks-user.js/issues/265#issuecomment-393935989). Also see [#497](https://github.com/ghacksuserjs/ghacks-user.js/issues/497) and bugzilla [1421725](https://bugzilla.mozilla.org/show_bug.cgi?id=1421725) and [1477696](https://bugzilla.mozilla.org/show_bug.cgi?id=1477696). **Some** CSP items to be aware of are highlighted below. ### :small_orange_diamond: Extensions These are all, where applicable, best configured to `deny-all` and whitelist.