Bugzilla

Hey can we revisit this at all I notice lots of things have landed that were blockers?

Hey can we revisit this at all I notice lots of things have landed that were blockers? (I'm a little confused what policy we are using as in my nightly it's pretty restricted and yet I see 'prerendered' CSP in files like: browser/components/newtab/prerendered/locales/ach/activity-stream.html)

Looking at this again, it looks like all of the issues are resolved. 

The current policy I am seeing is:
default-src 'none'; object-src 'none'; script-src resource: chrome:; connect-src https:; img-src https: data: blob:; style-src 'unsafe-inline';

The only thing I see that isn't addressed is the unsafe inline styles. Shall we file that as a low priority follow up bug?