Open Bug 1581608 Opened 5 years ago Updated 2 years ago

[meta] Manifest V3 CSP support

Categories

(WebExtensions :: General, task)

task

Tracking

(Not tracked)

People

(Reporter: mixedpuppy, Unassigned)

References

(Depends on 7 open bugs, Blocks 1 open bug)

Details

(Keywords: meta)

As part of V3 support we need to support setting CSP for content scripts.

Initially we'll support it in V2. CSP violations will only be logged to the console rather than causing any error. We will have one or two prefs, possibly one to disable or enable the logging, one to turn the warning into an error. This will allow extension developers to test their extensions ahead of V3.

The manifest content_security_policy key will support the current V2 string, or a V3 dictionary that can contain "extension_pages" and "content_scripts"[2]. Chrome additionally (will) supports "sandbox", however we do not support the sandbox manifest key.

The "extension_pages" replaces the current string value.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=896041
[2] https://chromium.googlesource.com/chromium/src/+/d4c1a926a9185194779ca8c26768e85c00954ab7

Blocks: manifest-v3
No longer blocks: 1578405
Depends on: 1581609
Depends on: 1581611
See Also: → 1267027
Depends on: 1587939
Depends on: 1588004
Depends on: 1588956
Depends on: 1588957
Depends on: 1589171
Depends on: 1594232
Depends on: 1594234
Depends on: 1594235
Depends on: 1602962
Depends on: 1685123
Summary: [meta] Allow Extensions to specify CSP for content scripts → [meta] Manifest V3 CSP support
No longer depends on: 1594235
Depends on: 1691983
Depends on: 1766813

While this bug description was originally about CSP for content scripts and the manifest syntax, it has evolved to be the meta-bug that collects all MV3-related CSP changes. That fits with the generic bug title, but is beyond the initial bug description.

Depends on: 1766881
Depends on: 1789751
Depends on: 1789759
Severity: normal → S3
Severity: normal → S3
Depends on: 1766027
You need to log in before you can comment on or make changes to this bug.