Hacker News new | ask | show | jobs
by evilpie 435 days ago
Removing security headers like Content-Security-Policy is forbidden by the addons.mozilla.org policy.

https://extensionworkshop.com/documentation/publish/add-on-p...
1 comments
gear54rus 435 days ago
I don't think this is being enforced in practice, thankfully.
link
davidmurdoch 435 days ago
It is. It happened to us a few weeks ago.
link
gear54rus 435 days ago
That's crazy. Did it happen to a public extension or an unlisted one?
link
davidmurdoch 435 days ago
Public, with about half a million installations.

I think it was noticed only because this version had a major bug that broke a bunch of websites.

link