Hello!
We are porting a Chrome extension over to Firefox but are facing a bit of difficulty understanding the error below when attempting to load the addon’s popup.
The error is:
Content Security Policy: The page’s settings blocked the loading of a resource at http://localhost:3000/js/background.bundle.js (“script-src moz-extension://f75eb895-35f3-4b46-8ca4-41f60a168587 https://* moz-extension: blob: filesystem: ‘unsafe-eval’ ‘unsafe-inline’”). (unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at http://localhost:3000/js/background.bundle.js (“script-src moz-extension://f75eb895-35f3-4b46-8ca4-41f60a168587”). (unknown)
For context, all of the extension code is provided by webpack in a special developer mode on localhost:3000
. This works great in Chrome but fails in Firefox and I haven’t been able to work out why so far. Here is the value of the content_security_policy
directive in our developer-mode manifest file:
"content_security_policy": "default-src 'self'; script-src 'self' http://localhost:3000 https://localhost:3000 'unsafe-eval'; connect-src *; style-src * 'unsafe-inline' 'self' blob:; img-src 'self' data:; font-src 'self' data:;"
Is this a bug or a divergence in behaviour from Chrome? How can it be fixed?