How to connect via web socket to website not specified in the page's CSP?

My extension can connect from the background script like this:

manifest.json

"content_security_policy": "default-src 'self'; connect-src wss://echo.websocket.org;"

background.js

var ws = new WebSocket('wss://echo.websocket.org');

But trying to connect from the content script throws:

manifest.json

	"content_scripts": [
		{
			"matches": [
				"https://example.com/*"
			],
			"js": [
				"inject.js"
			]
		}
	]

inject.js

var ws = new WebSocket('wss://echo.websocket.org');

Error

Content Security Policy: The page’s settings blocked the loading of a resource at wss://echo.websocket.org/ (“connect-src”).

It seems to me it’s because the page doesn’t have in its CSP the host I want to connect to, but this works on Chrome, so maybe it’s not a feature in Firefox but a bug.

Is there a workaround to this issue?

You want to use host permission:


(simply put the URL you need to access to the permissions array)

DO NOT use "content_security_policy" in the manifest unless you are 100% sure you know what you are doing.
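
As an added example (not part of the original posts): a small Node.js check that a manifest's "permissions" array covers the WebSocket endpoint, as the reply above suggests, and that reports a manifest-level "content_security_policy" override or overly broad host patterns. The manifest is constructed from the question's fragments; `patternCovers` and `auditManifest` are hypothetical helpers, and the matching is simplified to scheme and host only.

```javascript
// Constructed manifest: the question's content script plus a host permission
// for the WebSocket endpoint, and no "content_security_policy" override.
const manifest = {
  manifest_version: 2,
  permissions: ["wss://echo.websocket.org/*"],
  content_scripts: [{ matches: ["https://example.com/*"], js: ["inject.js"] }],
};

// Schemes that "*" stands for in a Firefox match pattern (per MDN).
const WILDCARD_SCHEMES = ["http", "https", "ws", "wss"];

// Simplified match-pattern test: compares scheme and host, ignores the path.
function patternCovers(pattern, url) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|[a-z]+):\/\/(\*|(?:\*\.)?[^/*]+)\/.*$/.exec(pattern);
  if (!m) return false; // API permission such as "tabs", or a malformed pattern
  const [, scheme, host] = m;
  const target = new URL(url);
  const targetScheme = target.protocol.slice(0, -1); // "wss:" -> "wss"
  const schemeOk =
    scheme === "*" ? WILDCARD_SCHEMES.includes(targetScheme) : scheme === targetScheme;
  let hostOk;
  if (host === "*") {
    hostOk = true;
  } else if (host.startsWith("*.")) {
    const base = host.slice(2);
    hostOk = target.hostname === base || target.hostname.endsWith("." + base);
  } else {
    hostOk = target.hostname === host;
  }
  return schemeOk && hostOk;
}

// Report what a reviewer would look for before shipping the extension.
function auditManifest(manifest, endpoint) {
  const perms = manifest.permissions || [];
  return {
    endpointCovered: perms.some((p) => patternCovers(p, endpoint)),
    overridesCsp: "content_security_policy" in manifest,
    // Patterns that grant access to every host, far more than one endpoint needs.
    broadPatterns: perms.filter((p) => p === "<all_urls>" || /^[^:]+:\/\/\*\//.test(p)),
  };
}

console.log(auditManifest(manifest, "wss://echo.websocket.org"));
```
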