Couldn't CSP be used to limit which paths were valid URLs? There could also be h... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

angry_octet on Jan 20, 2021 | parent | context | favorite | on: I no longer trust The Great Suspender

Couldn't CSP be used to limit which paths were valid URLs?

There could also be hierarchies of extension permissions, because they don't all need to be able to do everything.

gruez on Jan 20, 2021 [–]

extensions can also remove/add CSPs I think, either through modifying the header or modifying the DOM.

angry_octet on Jan 20, 2021 | [–]

Yes, but you could strictly limit which extensions had that permission, make it a site specific permission, etc. Auto disabling an extension that changes to require that permission would be a start.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact