From df1e1e42e8aa57148b78cdc613133f9371dd6d0c Mon Sep 17 00:00:00 2001
From: Roman-Nopantski <Roman-Nopantski@users.noreply.github.com>
Date: Thu, 23 Feb 2017 20:54:43 +1300
Subject: [PATCH] enforce CSP

---
 user.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/user.js b/user.js
index 1585e75..d1d2783 100644
--- a/user.js
+++ b/user.js
@@ -672,7 +672,9 @@ user_pref("network.stricttransportsecurity.preloadlist", true);
    // 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default)
    // https://github.com/pyllyukko/user.js/issues/210
 user_pref("browser.ssl_override_behavior", 1);
-
+// 1222: enforce CSP (Content Security Policy) (default is true)
+   // https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+user_pref("security.csp.enable", true);
 /*** 1400: FONTS ***/
 user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
 // 1401: disable websites downloading their own fonts (0=block, 1=allow)