How to connect via web socket to website not specified in the page's CSP?

My extension can connect from the background script like this:


"content_security_policy": "default-src 'self'; connect-src wss://;"


var ws = new WebSocket('wss://');

But trying to connect from the content strip throws:


	"content_scripts": [
			"matches": [
			"js": [


var ws = new WebSocket('wss://');


Content Security Policy: The page’s settings blocked the loading of a resource at wss:// (“connect-src”).

It seems to me it’s because the page doesn’t have in its CSP the host I want to connect to, but this works on Chrome so maybe it’a not a feature in Firefox but a bug.

Is there a workaround to this issue?

You want to use host permission:

(simply put the URL you need to access to the permissions array)

DO NOT use "content_security_policy" in the manifest unless you 100% sure you know what you are doing.