My add-on currently accesses methods on an installed NPAPI plugin. This has worked and still works in most websites. Recently this has stopped working in gmail. When I make the call
document.documentElement.appendChild(plugindiv);
I get the following error
Content Security Policy: The page’s settings blocked the loading of a resource at https://mail.google.com/mail/u/0/#inbox (“object-src https://mail-attachment.googleusercontent.com/swfs/ https://mail-attachment.googleusercontent.com/attachment/”).1(unknown)
Is there a recommended way to do this to avoid the CSP failure?
I understand that NPAPI plugins will be obsolete in the near future. I have plans to port this add-on to WebExtensions. For now, I need a way to keep the current add-on working until support for runtime.connectNative is released to the public.