From 32e2c6dcb5201199bf3eda1d09312c7f5bac2411 Mon Sep 17 00:00:00 2001
From: Scott Nonnenberg <scott@signal.org>
Date: Tue, 15 May 2018 17:21:56 -0700
Subject: [PATCH] Add form-action: 'self' to CSP for defense in depth

---
 background.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/background.html b/background.html
index 995a69ace..d773c85b7 100644
--- a/background.html
+++ b/background.html
@@ -11,6 +11,7 @@
             child-src 'self';
             connect-src 'self' https: wss:;
             font-src 'self';
+            form-action 'self';
             frame-src 'none';
             img-src 'self' blob: data:;
             media-src 'self' blob:;