Had to remove

[matt-canty-dragon]

I wanted to set up https://github.com/notifications/beta as my homepage. This is blocked by security policy.

Address is set to: moz-extension://4607d0ab-14f4-f04b-8fa1-4c6cf57a1e6b/newtab.html

I ended up switching to this one: https://github.com/cadeyrn/newtaboverride

[daisylb]

Hi,

Thanks for the bug report!

The Content Security Policy that page sets contains frame-ancestors: 'none';, so that page can't be hosted in a regular iframe.

According to this page, there's a flag I can add to the iframe that'll make it act as a top-level browsing context, which means that it should prevent this. I'm at work right now, but it's a simple fix so I'll hopefully get to it tonight.

Cheers!

[matt-canty-dragon]

OK. I look forward to it. I tried another extension but I found it interruted my flow by being just a bit too slow... I wonder if yours, being so lean might be quicker. Hope so, looking forward to hearing more.

[daisylb]

Okay, so it appears that mozbrowser isn't available to extensions, and the only viable approach is to modify the request in-flight so the page doesn't know it's in an iframe. I've got that working, but GitHub also uses JS to detect if it's in an iframe, so I need to inject some code into the page to trick it on that front.

Then I need to go through everything and make sure that nothing is leaking outside of the new tab page, because if either of those things were to happen on a regular page that'd be very bad.

[matt-canty-dragon]

Sadly, due to security restrictions, I can no longer use Firefox on the machine associated with this account. However I will be in touch via my personal one!

[mattcanty]

I am now happily using this on my personal machine. However I am using linktr.ee instead now so the problem has gone away. Let me know if you want me to test anything.

[daisylb]

I'm leaving this open as it's still an outstanding issue in the plugin.