Hello everyone,
As you may know, in Google Chrome, they have a configuration of Content Security Policy (CSP) in manifest.json file as below:
“content_security_policy”: “[POLICY STRING GOES HERE]”
This introduces some fairly strict policies that will make extensions more secure by default, and provides you with the ability to create and enforce rules governing the types of content that can be loaded and executed by your extensions and applications
I wonder if we have the same configuration or functionality in FF extension. In case we don’t have it in FF Extension, is it valid and possible to edit CSP by editing request header? Is it valid to set “security.csp.enable” to false? I mean they are still valid for auto-signing process or not.
Thanks,
Phuong Nguyen.