[RFC] CS Use main world with Referrer Policy: strict-origin-when-cross-origin

[apades]

What happened?

record

I have try some other site with 'strict-origin-when-cross-origin', it seems this header make MAIN script can not inject into web.

Version

Latest

What OS are you seeing the problem on?

Windows

What browsers are you seeing the problem on?

Chrome

Relevant log output

No response

(OPTIONAL) Contribution

• [ ] I would like to fix this BUG via a PR

Code of Conduct

• [X] I agree to follow this project's Code of Conduct
• [X] I checked the current issues for duplicate problems.

[louisgv]

I don't think this is a bug, but rather a limitation of the MAIN world injection technique. Should rename to feat instead.

[apades]

i have find how it happend, i was set value in package.json manifest.host_permissions, this will cover base config host_permissions:["https:///"]