Safari Web extension connect-src does not work.

Safari & Web General
Smionean OP
Created Feb ’22
Replies 1
Boosts 1
Views 847
Participants 2

Our extension uses fecth API from the background to check if the user is properly logged. But we get this error message :

Refused to connect to https://example.com/foo/user because it does not appear in the connect-src directive of the Content Security Policy.

Even if the link https://example.com/foo/user is specified in the manifest :

{
    ...
    "content_security_policy": "script-src 'self';object-src 'self'; connect-src 'https://example.com/foo/user' ",
    ...
}

We've tried

  • "content_security_policy": "script-src 'self';object-src 'self'; connect-src https://example.com/foo/user"
  • "content_security_policy": "script-src 'self';object-src 'self'; connect-src https://example.com/*"
  • "content_security_policy": "script-src 'self';object-src 'self'; connect-src * "

Same error message when we're trying to make a WebSocket connection (wss://exampe.com/service/bar).

For info, our Chrome/Firefox extension work perfectly with connect-src * directive .

Does someone have the same issue? If yes, how did you manage to make it work?

Replies  1
Boosts  1
Views  847
Participants  2
arnoudkooi OP
May ’22

I am trieing to connect to a site I have host permissions on from a browser page. This causes the same error. Is this by design, a bug, or can it be worked around?

1
Safari Web extension connect-src does not work.
First post date Last post date
 
 
Q