(In reply to William Durand [:willdurand] from comment #1) > > This only affects extensions that use WebAssembly and specify a custom content_security_policy, whether in manifest.json or in an extension page. Extensions that wish to use WebAssembly AND specify a custom CSP should update script-src, to add 'wasm-unsafe-eval'. > > :TheOne FYI + any thoughts on how to communicate this change to affected developers? We know that many extensions have custom CSP but probably a tiny fraction of them use WASM.. I am not sure we have that capability at the moment. For are more precise list, one would have to download all versions of all add-ons that override the CSP and inspect each for the use of wasm.
Bug 1770909 Comment 2 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to William Durand [:willdurand] from comment #1) > > This only affects extensions that use WebAssembly and specify a custom content_security_policy, whether in manifest.json or in an extension page. Extensions that wish to use WebAssembly AND specify a custom CSP should update script-src, to add 'wasm-unsafe-eval'. > > :TheOne FYI + any thoughts on how to communicate this change to affected developers? We know that many extensions have custom CSP but probably a tiny fraction of them use WASM.. I am not sure we have that capability at the moment. For are more precise list, one would have to download all versions of all add-ons that override the CSP and inspect each for the use of wasm. Once we have that, communication itself is not a problem. We can do that through Acoustic, we only need the `fxa_id`s of these developers.