by varenc 1853 days ago
Because even though a user can grant a Chrome extension access to a particular site, when that site has certain CSP policies enabled there's no way for the Chrome extension to interact with that page's JS. CSP is enforced on the extension's JS, even though the user wants to permit it.

Chrome could make things much easier for developers, and arguably safer, by offering some straightforward way for an extension to interact with a page that doesn't involve messing with CSP headers.