From de21ffd178b3d9106de55de0216b4455e4b73ffb Mon Sep 17 00:00:00 2001
From: Roman-Nopantski <Roman-Nopantski@users.noreply.github.com>
Date: Thu, 9 Mar 2017 08:08:12 +1300
Subject: [PATCH] security.csp.experimentalEnabled

---
 user.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/user.js b/user.js
index b0f44eb..4ae61ab 100644
--- a/user.js
+++ b/user.js
@@ -1195,6 +1195,10 @@ user_pref("network.IDN_show_punycode", true);
 /* 2673: enforce CSP (Content Security Policy) (default is true)
  * https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ***/
 user_pref("security.csp.enable", true);
+/* 2674: enable CSP 1.1 experimental hash-source directive (FF29+)
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=855326
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/
+user_pref("security.csp.experimentalEnabled", true);
 
 /*** 2697: USER AGENT (UA) SPOOFING
      Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage