Skip to content

Commit 6224437

Browse files
DreamLab-AI Mega-Sprintruvnet
andcommitted
security: add explicit Content Security Policy to manifest
MV3 has restrictive CSP defaults, but an explicit policy documents the intended security posture, prevents accidental relaxation during future development, and makes the extension's trust boundary auditable at a glance. Co-Authored-By: claude-flow <ruv@ruv.net>
1 parent b83f414 commit 6224437

1 file changed

Lines changed: 3 additions & 0 deletions

File tree

manifest.json

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,9 @@
33
"name": "Podkey",
44
"version": "0.0.7",
55
"description": "did:nostr and Solid authentication extension - NIP-07 wallet for decentralized identity",
6+
"content_security_policy": {
7+
"extension_pages": "script-src 'self'; object-src 'self'"
8+
},
69
"permissions": [
710
"storage",
811
"webRequest"

0 commit comments

Comments
 (0)