问题
I have an extension in both Mozilla and Chrome, in my extension I make a call to a remote JS file.
To avoid the CSP in Chrome, I add the rule to manifest.json and my file goin over HTTPS so everything is perfect.
But in Mozilla, I could not find out how to load the JS. Even over https dont work. The only thing I found on this was another question here on Stackoverflow: How to add Content Security Policy to Firefox extension, but are not sure where to insert that code, my extension its very simple.
I just need that, how i can handle CSP on a Firefox addon?
Thanks and sorry for my English!
回答1:
Notidart help me a lot with this problem. With the help of the link I gave, Notidart work on this extension just for testing:
https://github.com/Noitidart/_ff-addon-template-BootstrapWatchHostEventListenerInjectJQUERY/tree/patch-1
That extension inject a JS file and an Image just for example, and Have Implemented the code that Jai Prakash put on How to add Content Security Policy to Firefox extension and its working well. It injects the file on all sites with a CSP defined.
Thank you very much to both, there is no easy way or documentation for avoid the CSP in Firefox extensions, but this solution works very well.
来源:https://stackoverflow.com/questions/23189255/content-security-policy-on-mozilla-extension