Brett,

You can currently use CSP's connect-src directive to limit the domains to which a web site may submit data (via XHR, EventSource, etc.). A couple of things to note:

1. This protection must be opted into by the site (by setting the header). A concerned user could use the UserCSP addon (does it still work?) to limit a site's behavior as well.
2. There is no user-facing UI for CSP for users (there are console messages and violation reports for developers). CSP is intended to be transparent to the user.

We have vaguely discussed creating a centralized "site content permissions" dialog, due to the proliferation of content policies (both in the browser and from addons), but no one is working on that at the moment.

_______________________________________________
dev-privacy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-privacy
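The connect-src behaviour described in the message above, as an added example that is not part of the original e-mail: a simplified JavaScript model of the check a browser makes before an XHR or EventSource connection. The function names, the policy string and all URLs are constructed for illustration, and the matcher leaves out path matching and secure-scheme upgrades.

```javascript
// Simplified model of connect-src enforcement (added example, not browser code).
// Not covered: path matching, nonces/hashes, http->https / ws->wss upgrades.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function sourceMatches(source, target, page) {
  const s = source.toLowerCase();
  if (s === "'self'") return target.origin === page.origin;
  if (s.startsWith("'")) return false; // 'none' and other keywords match no URL
  if (s === "*") return ["http:", "https:", "ws:", "wss:"].includes(target.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s; // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:*]+)(?::(\d+|\*))?/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // A host-source without a scheme is checked against the page's own scheme here.
  if (target.protocol !== (scheme ? scheme + ":" : page.protocol)) return false;
  // "*.example.net" matches subdomains only, never example.net itself.
  const hostOk = wildcard ? target.hostname.endsWith("." + host) : target.hostname === host;
  const targetPort = target.port || DEFAULT_PORTS[target.protocol];
  const portOk = port === "*" || targetPort === (port || DEFAULT_PORTS[target.protocol]);
  return hostOk && portOk;
}

function connectAllowed(header, pageUrl, targetUrl) {
  const policy = parsePolicy(header);
  // connect-src falls back to default-src; if the site set neither, nothing is restricted.
  const sources = policy.get("connect-src") ?? policy.get("default-src");
  if (sources === undefined) return true;
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  return sources.some((src) => sourceMatches(src, target, page));
}

// Constructed policy and page URL for illustration.
const POLICY = "default-src 'self'; connect-src 'self' https://api.example.com *.cdn.example.net";
const PAGE = "https://shop.example.org/cart";
```

An empty header string returns `true` for every target, which is the opt-in point from item 1: without a policy from the site, the browser applies no connect restriction.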
