Release 0.4.1

yokawasa · Mar 1, 2020 · 4d104af · 4d104af
1 parent 1084ccb
commit 4d104af
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,9 @@
 
 All notable changes to the "jwt-debugger" extension will be documented in this file.
 
+## 0.4.1
+- Fix CSP: only allow the minimal amount of content that our extension needs to function
+
 ## 0.4.0
 - Add [Content-Security-Policy](https://code.visualstudio.com/api/extension-guides/webview#content-security-policy)
 

diff --git a/package.json b/package.json
@@ -2,7 +2,7 @@
   "name": "jwt-debugger",
   "displayName": "JWT Debugger",
   "description": "JWT tokens decoder - VS Code version of jwt.io debugger",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "license": "MIT",
   "publisher": "yokawasa",
   "repository": {

diff --git a/src/extension.ts b/src/extension.ts
@@ -60,7 +60,7 @@ function getWebviewContent(token: string, header: any, payload: any) {
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="Content-Security-Policy" content="default-src http://localhost:* http://127.0.0.1:*; script-src 'unsafe-inline'; style-src 'unsafe-inline';"></head>
+  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'unsafe-inline';">
   <title>JWT Debugger - Decoded</title>
 </head>
 <body>