Hi,
I have an add-on that I have developed, and I noticed that since firefox version 77.0, CSP is blocking my inline scripts at resource “script-src”.
This doesn’t reproduce on firefox version 76 or earlier, and I’ve read the release notes and I didn’t notice any changes that might affect the api.
Seems to me like there might be a bug on firefox.
Could anyone please check? (please check it on a page with csp for example: https://www.dropbox.com/)
I have attached below a very simple add-on that all it does is to empty all csp headers. You can see that on ff version 77.0 or later I get error message:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). commons.js:24:16
on previous ff version I don’t get this message
Here is the add-on to demonstrate it: https://drive.google.com/file/d/1gCPEgBRZB0WoTF-L_BnrGigvdiaHw-36/view?usp=sharing