Refused to connect to 'https://localhost:3000/__webpack_hmr_for_injectpage' because it violates the following Content Security Policy directive: "connect-src 'self' uploads.github.com status.github.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com wss://live.github.com".
The problem is that the extension's CSP has no influence on the react app, which is injected into the page using a content script. The react app becomes part of the injected website's scope, resulting in the use of the website's (in this case Github's) CSP.
When I navigate to URLs like https://github.com/ColdSauce/CosmosBrowserAndroid I see in my console:
The problem is that the extension's CSP has no influence on the react app, which is injected into the page using a content script. The react app becomes part of the injected website's scope, resulting in the use of the website's (in this case Github's) CSP.
Do you have any idea how to circumvent this?