[meta] Manifest V3 CSP support
Categories
(WebExtensions :: General, task)
Tracking
(Not tracked)
People
(Reporter: mixedpuppy, Unassigned)
References
(Depends on 7 open bugs, Blocks 1 open bug)
Details
(Keywords: meta)
As part of V3 support we need to support setting CSP for content scripts.
Initially we'll support it in V2. CSP violations will only be logged to the console rather than causing any error. We will have one or two prefs, possibly one to disable or enable the logging, one to turn the warning into an error. This will allow extension developers to test their extensions ahead of V3.
The manifest content_security_policy key will support the current V2 string, or a V3 dictionary that can contain "extension_pages" and "content_scripts"[2]. Chrome additionally (will) supports "sandbox", however we do not support the sandbox manifest key.
The "extension_pages" replaces the current string value.
[1] https://bugs.chromium.org/p/chromium/issues/detail?id=896041
[2] https://chromium.googlesource.com/chromium/src/+/d4c1a926a9185194779ca8c26768e85c00954ab7
Reporter | ||
Updated•5 years ago
|
Reporter | ||
Updated•4 years ago
|
Comment 2•2 years ago
|
||
While this bug description was originally about CSP for content scripts and the manifest syntax, it has evolved to be the meta-bug that collects all MV3-related CSP changes. That fits with the generic bug title, but is beyond the initial bug description.
Updated•2 years ago
|
Updated•2 years ago
|
Description
•