Websockets, cross domain requests and content script?

I am developing a content script which opens a websocket to our backend.

"permissions": {
    "cross-domain-content": ["http://localhost:3000"]
}

This code allows me to request my backend through HTTP, but my websocket is still blocked by the content security policy. I tried several combinations and workarounds to add ws://localhost:3000 to that list but nothing worked. Since this webpage makes no mention of websockets support, I start to wonder if there is a way to do that.

I also encounter this issue.
Just created a Stack Overflow ticket for it:
http://stackoverflow.com/questions/36835030/firefox-add-on-sdk-extension-with-websocket-doesnt-work-for-facebook-twitter

On Wikipedia (https://en.wikipedia.org/wiki/Content_Security_Policy), it even says that add-ons should be exempted from CSP. But this turns out not to be the case for Firefox.
In Chrome, however, I can make things work. The websocket opened inside Facebook.com, which implements CSP, to my localhost works fine. But in Firefox it doesn't.
So I suppose this is an issue for Firefox.

In the meantime, I used socket.io in long polling mode. It worked.

Thanks for sharing that workaround. It's been a while, though; we should try to get this on Bugzilla and fixed if it hasn't been yet.

As I commented in the SO topic, using page-worker is another workaround so you can still use proper WebSockets. It’d be worth testing if this also happens for web-ext.
