My extension can connect from the background script like this:
manifest.json
"content_security_policy": "default-src 'self'; connect-src wss://echo.websocket.org;"
background.js
var ws = new WebSocket('wss://echo.websocket.org');
But trying to connect from the content strip throws:
manifest.json
"content_scripts": [
{
"matches": [
"https://example.com/*"
],
"js": [
"inject.js"
],
inject.js
var ws = new WebSocket('wss://echo.websocket.org');
Error
Content Security Policy: The page’s settings blocked the loading of a resource at wss://echo.websocket.org/ (“connect-src”).
It seems to me it’s because the page doesn’t have in its CSP the host I want to connect to, but this works on Chrome so maybe it’a not a feature in Firefox but a bug.
Is there a workaround to this issue?