clobberCSP(response: any): { responseHeaders: any } | {}
Reduce CSP safety to permit tridactyl to run correctly
style-src needs 'unsafe-inline' (hinting styles) and 'self' (mode indicator hiding)
script-src needs 'unsafe-eval' (event hijacking)
- but that's pretty dangerous, so maybe we shouldn't just clobber it?
sandbox must not be set
This only needs to happen because of a Firefox bug and we should stop doing
it when they fix the bug.
Reduce CSP safety to permit tridactyl to run correctly
style-src needs 'unsafe-inline' (hinting styles) and 'self' (mode indicator hiding) script-src needs 'unsafe-eval' (event hijacking) - but that's pretty dangerous, so maybe we shouldn't just clobber it? sandbox must not be set
This only needs to happen because of a Firefox bug and we should stop doing it when they fix the bug.