Your plugin was mentioned in https://github.com/microsoft/vscode/issues/79340 as one of the extensions lacking content-security-policy in its webview. While I found that you did use one, your policy was not as restrictive as possible.
I have removed the self property as it was not needed. Your extension uses only script, style and images resources, so using the default-src included too many resources like fonts, iframes, media and many more (See in MDN).
I have tested the new policy in the Webview Developer Tools and it works!
Hi!
Your plugin was mentioned in https://github.com/microsoft/vscode/issues/79340 as one of the extensions lacking content-security-policy in its webview. While I found that you did use one, your policy was not as restrictive as possible.
I have removed the
self
property as it was not needed. Your extension uses only script, style and images resources, so using thedefault-src
included too many resources like fonts, iframes, media and many more (See in MDN).I have tested the new policy in the Webview Developer Tools and it works!