This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove unnecessary hosts from Brave index*.html CSP
Removes the following hosts from the connect-src directive: https://s3.amazonaws.com/adblock-data/ https://s3.amazonaws.com/safe-browsing-data/ https://s3.amazonaws.com/tracking-protection-data/ https://s3.amazonaws.com/https-everywhere-data/ https://brave-download.global.ssl.fastly.net https://brave-laptop-updates.global.ssl.fastly.net https://laptop-updates-pre.brave.com https://brave-laptop-updates-pre.brave.com These are not necessary to whitelist in CSP since they are only connected to from the main process, not the renderer process. fix #12263 Test Plan: 1. automated test passes 2. Delete httpse.json, *.dat, and `Extensions/jdbefljfgobbmcidnmpjamcbhnbphjnb/` in your brave APP_DATA directory (ex: `/Users/yan/Library/Application Support/Brave`) 3. Build a package if not running from a pre-packaged version of brave: `CHANNEL=dev npm run build-package` 4. Open the packaged version of Brave 5. Click 'Check for updates' from the file menu. It should show that no updates are available instead of an error. 6. Make sure opening a PDF works 7. Make sure HTTPS Everywhere works using https://https-everywhere.badssl.com/
- Loading branch information