Skip to content

Drop data protocol from requestBridgeDialog.xhtml csp when captcha is dropped

In !1606 (merged) we added CSP rules for requestBridgeDialog.xhtml for the captcha image.

After this captcha is gone due to tpo/ux/design#185 we can change

<?csp default-src chrome:; img-src data: ?>

to just

<?csp default-src chrome: ?>

and remove requestBridgeDialog.xhtml from sImgSrcDataBlobAllowList in dom/security/nsContentSecurityUtils.cpp.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information