Index: lib/csp.js |
diff --git a/lib/csp.js b/lib/csp.js |
index 5309863ab1bb65b9f8a5318d44ef723d0a6d49e9..b03925b8e7932f355b4eb8cd78369069b593da22 100644 |
--- a/lib/csp.js |
+++ b/lib/csp.js |
@@ -34,13 +34,13 @@ chrome.webRequest.onHeadersReceived.addListener(function(details) |
// since the Chrome extension API does not allow us to intercept them. |
// https://bugs.chromium.org/p/chromium/issues/detail?id=129353 |
// |
- // We also need the child-src and object-src restrictions since CSPs are |
+ // We also need the frame-src and object-src restrictions since CSPs are |
// not inherited from the parent for documents with data: and blob: URLs. |
// https://bugs.chromium.org/p/chromium/issues/detail?id=513860 |
// |
// "http:" also includes "https:" implictly. |
// https://www.chromestatus.com/feature/6653486812889088 |
- value: "connect-src http:; child-src http:; object-src http:" |
+ value: "connect-src http:; frame-src http:; object-src http:" |
}); |
return {responseHeaders: details.responseHeaders}; |
} |