From 9d231c7b026740ff98e7ed4726f381efadf89215 Mon Sep 17 00:00:00 2001
From: kkapsner
Date: Tue, 21 Aug 2018 22:01:10 +0200
Subject: [PATCH] CSP cleanup Should help with #223.
---
 lib/dataUrls.js | 4 ++--
 releaseNotes.txt | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/dataUrls.js b/lib/dataUrls.js
index a5057ce..1c90e53 100644
--- a/lib/dataUrls.js
+++ b/lib/dataUrls.js
@@ -49,8 +49,8 @@
 logging.verbose("Adding CSP header to", details);
 setHeader(headers, {
 name: "Content-Security-Policy",
- value: `object-src ${cspMatch}; frame-src ${cspMatch}; worker-src ${cspMatch}; child-src ${cspMatch}; ` +
- "report-to https://canvasblocker.invalid/; report-uri https://canvasblocker.invalid/"
+ value: `object-src ${cspMatch}; frame-src ${cspMatch}`
+ // + "; report-to https://canvasblocker.invalid/; report-uri https://canvasblocker.invalid/"
 });
 }
 return {
diff --git a/releaseNotes.txt b/releaseNotes.txt
index 9b6ae9b..1bc1869 100644
--- a/releaseNotes.txt
+++ b/releaseNotes.txt
@@ -16,6 +16,7 @@ Version 0.5.3: - popup text not readable in some dark themes - display conditions for notification settings - page action not useable with a lot of notifications + - blocking of blob-worker broke some pages known issues: - if a data URL is blocked the page action button does not appear
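Review bot: The new `value` drops `worker-src` and `child-src` with no comment saying the omission is deliberate, so the header added here no longer constrains workers at all: `worker-src` falls back to `child-src`, then `script-src` and `default-src`, and this policy sets none of them. The release-notes entry suggests the reason is that blocking blob workers broke pages; that trade-off belongs next to the header, for example `// worker-src/child-src intentionally omitted: blocking blob: workers broke pages (#223), so workers are not restricted by this policy`. The commented-out `report-to`/`report-uri` line is dead code and should either be deleted or carry a reason for being kept. The enclosing function starts and ends outside the hunk and `cspMatch` is defined outside it, so which sources stay allowed for objects and frames cannot be checked from here.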