Closed Bug 1489861 Opened Last year Closed Last year
"Content-Security-Policy: sandbox ..." header should not prevent injecting content scripts
Some clarification: the issue is caused by "Content-Security-Policy: sandbox ...". If there is any security concern here, it's pointless because it's easy to remove/alter the aforementioned header using webRequest.onHeadersReceived and the webRequestBlocking permission. I've tried to make a PoC and it works.
Summary: Unable to inject content_script into dropbox.com/help despite having <all_urls> permission → "Content-Security-Policy: sandbox ..." header should not prevent injecting content scripts
Status: UNCONFIRMED → RESOLVED
Closed: Last year
Resolution: --- → DUPLICATE
Duplicate of bug: 1411641
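The header rewrite the comment refers to, as an added example (not the reporter's PoC and not Mozilla code): it shows why the `sandbox` directive is not a boundary against an extension that already holds `webRequest`, `webRequestBlocking` and `<all_urls>`. The function names and the sample headers are hypothetical.

```javascript
// Added illustration; stripSandbox and rewriteHeaders are hypothetical names.

// Remove the "sandbox" directive from a CSP header value. One header value
// may carry several comma-separated policies; each is handled on its own.
function stripSandbox(headerValue) {
  return headerValue
    .split(",")
    .map((policy) =>
      policy
        .split(";")
        .map((directive) => directive.trim())
        .filter((d) => d !== "" && d.split(/\s+/)[0].toLowerCase() !== "sandbox")
        .join("; ")
    )
    .filter((policy) => policy !== "")
    .join(", ");
}

// Return a copy of the response headers with "sandbox" removed from every
// Content-Security-Policy header; a header left empty is dropped entirely.
function rewriteHeaders(responseHeaders) {
  const out = [];
  for (const h of responseHeaders) {
    if (h.name.toLowerCase() !== "content-security-policy") {
      out.push(h);
      continue;
    }
    const value = stripSandbox(h.value || "");
    if (value !== "") out.push({ name: h.name, value });
  }
  return out;
}

// Background-script registration; skipped when run outside an extension.
if (typeof browser !== "undefined" && browser.webRequest) {
  browser.webRequest.onHeadersReceived.addListener(
    (details) => ({ responseHeaders: rewriteHeaders(details.responseHeaders) }),
    { urls: ["<all_urls>"], types: ["main_frame", "sub_frame"] },
    ["blocking", "responseHeaders"]
  );
}

// Constructed sample input, not captured from any real site.
const SAMPLE_HEADERS = [
  { name: "Content-Type", value: "text/html" },
  { name: "Content-Security-Policy", value: "default-src 'self'; sandbox allow-scripts" },
];
```

Anyone reviewing an extension can read the combination of `webRequestBlocking` with broad host permissions as the ability to alter any response security header, not only this one.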