1 comment

[ 5.6 ms ] story [ 15.3 ms ] thread
Seems completely reasonable -- my only take on this is that I'd like to see web extensions be given more control over pages.

In particular, this is the second time I've seen an extension author complain about CSP headers blocking development (Greasemonkey being the first). If this is expected behavior, it seems weird to me that extensions can't bypass CSP headers -- a webpage shouldn't be able to control what an extension does.

If it's not expected behavior, it would be good for Firefox devs to clarify better how extensions are meant to handle CSP headers, since it seems like multiple extension authors have gotten bitten by them.

I can't think of any instance where I would want a webpage to be able to decide what capabilities an extension can have.