Our extension injects styles into webpages via a protocol defined using our own 
protocol handler using <link rel="stylesheet">. We have our own 
nsIContentPolicy which we use to enforce which resources from this protocol can 
be injected into content pages.

The problem is that on sites that enforce their own CSP, the resources may not 
be loaded. For example, github.com has script-src set to 'self' so it won't 
load stylesheets via our protocol. Is there any way to designate a protocol as 
privileged so that it overrides the CSP? From looking at the source code it 
seems like certain protocols (about, chrome, resource) are hardcoded to 
override the CSP but I couldn't see a way to define other privileged protocols.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
