My extension communicate with my app using WebSocket on localhost (127.0.0.1). It works perfectly on Google Chrome or Firefox. But on Safari 14, I get :
Refused to connect to ws://127.0.0.1:51465/ because it does not appear in the connect-src directive of the Content Security Policy.
I've tried to add this :
"content_security_policy": "script-src 'self';object-src 'self';connect-src 'ws://127.0.0.1:*/'
in the manifest.json
With no success. Anyone has a clue?
Post
Replies
Boosts
Views
Activity
Can we distribute a Safari WebExtension within our notarized macOS app outside of the App Store?
The documentation says:
you must be a member of the Apple Developer Program to distribute them through the App Store.
But it is not clear if it is mandatory.
Note : we can distribute a Safari App Extension outside the App Store.
Our extension uses fecth API from the background to check if the user is properly logged. But we get this error message :
Refused to connect to https://example.com/foo/user because it does not appear in the connect-src directive of the Content Security Policy.
Even if the link https://example.com/foo/user is specified in the manifest :
{
...
"content_security_policy": "script-src 'self';object-src 'self'; connect-src 'https://example.com/foo/user' ",
...
}
We've tried
"content_security_policy": "script-src 'self';object-src 'self'; connect-src https://example.com/foo/user"
"content_security_policy": "script-src 'self';object-src 'self'; connect-src https://example.com/*"
"content_security_policy": "script-src 'self';object-src 'self'; connect-src * "
Same error message when we're trying to make a WebSocket connection (wss://exampe.com/service/bar).
For info, our Chrome/Firefox extension work perfectly with connect-src * directive .
Does someone have the same issue? If yes, how did you manage to make it work?